Old CGI-PHP vulnerability used to spread Bitcoin botnet


In an article by Benoit Tessier, we learn that hackers are at it again, using an old vulnerability to attack your web server.

In 2012, researchers discovered a flaw in some PHP builds that would enable a remote attacker to execute commands on the server, if PHP was configured as a CGI script (PHP-CGI) at the time. Now, it’s being used again to propagate a botnet and mine for Bitcoins.

Scanning for the flaw was easily automated, and the issue has been linked to various attacks several times over the years. This week, following a spike back in August, researchers at Trustwave noticed an uptick in attacks targeting the PHP-CGI flaw, and the endgame is the installation of BoSSBoTv2.

You might be interested in reading the entire story.

