Messages from ESET, new viruses specifically infected with PHP and HTML files and their variants have recently been discovered, and I hope you phper attention and upgrade your anti-virus software in a timely manner.
Name: Php.alf
Virus type: Worm
Infection Length: 846 bytes
Hazard Level: Medium
Propagation Speed: Medium
Technical Features:
This is a very simple virus, specifically infected with a suffix of. php,. htm, and HTML files. After the virus has been run, it is first renamed to Script.php, which is done by following these steps to accomplish this function:
1, to change their name to dir.php;
2, create C:\PHP (if the local machine does not exist in this directory);
3, will move themselves to the C:\PHP directory, still named after dir.php;
4, move back to the beginning of the directory to run, the file name changed to script.php.
Next, the virus searches its running directory for files that contain the following suffixes:
1. php
2,. htm
3,. html
It will open every found file and find the string "alf.php" in it, and the file will be infected if the string is not found. However, it simply adds a reference marker to the end of the file so that the virus can run every time the infected file is opened.
It appears that the virus search and find "alf.php" text string is used as an infection tag, so that a file can only infect once. However, because the infection process simply adds a reference mark to the end of the file, it does not really copy the virus code into the file, so the file can be infected multiple times.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
