Developer Creates Rootkit That Hides in PHP Server Modules

A Dutch web developer has created a rootkit that hides inside a PHP module and can be used to take over web servers via a rarely used attack vector: Apache modules.

By the classic definition, a rootkit is a piece of code that works at the lowest levels of the operating system, intercepting kernel operations and injecting malicious actions.

Many of today’s rootkits work near the OS kernel and require a high level of proficiency on the attacker’s side to get them to run without crashing the victim’s computer.

It’s this need for advanced C and C++ coding skills that drove Luke Paris, a Dutch web developer, to attempt to create a rootkit that interacts with the PHP interpreter, instead of the OS kernel.

“Learning how to use the Zend Engine (the framework the entire PHP language is built with) is a lot easier than learning how to write kernel modules, simply…
