What is a PHP virus? What harm could it cause?
What harm can virus sites that contain malicious PHP virus code cause? What is an example of a piece of PHP code that could potentially harm your computer or steal information? I know that most if not all client-side code cannot cause any harm, but how about the server-side code, what harm could the PHP virus cause?
It all comes down to the credentials that the PHP code is running with on the server. If the apache2 process running that PHP code is running as www-root, the damage that this script can do goes to the extent of what www-root can access, which would typically mean all of the /var/www/ folder. To better understand the question, and to fully understand the extent of the possible damage, you need to understand how Linux works, if the web server is running under Linux. If it's running under Windows, it would be the same thing, only the damage would be to the extent of what the owner of the process is able to use the machine's resources for.
Things that PHP viruses typically do are:
- Use your server to send spam
- Use your server to brute force other servers
- Use your server's resources to join their own rig and mine crypto-currencies
The PHP virus is primarily focused on “locking” existing files that are already infected, which prevents the website owner from being able to clean the infected files. From the tool, attackers can select different functionalities labeled as:
- Check the Environment
- Lock File
- Make locked files modifiable
- View Function
- phpinfo
- php_version
These functions are responsible for executing specific actions within the site. For instance, Check the Environment will list the path of PHP and the current PHP version. View Function is another handy feature, which checks the PHP configuration information (e.g. phpinfo) for disable_functions to give attackers an idea as to which functions are accessible and can (or cannot) be used to their advantage.
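A site owner can audit the same disable_functions setting before an attacker reads it. The following is an added example, not code from the original page: it parses php.ini text and reports which command-execution functions are still enabled. The baseline function list, the last-directive-wins handling and the sample configuration are assumptions made for illustration.

```python
"""Audit php.ini text for command-execution functions left enabled."""

# Assumption: a baseline of PHP functions that run OS commands or spawn
# processes; trim it to what the application legitimately needs.
RISKY_FUNCTIONS = frozenset({
    "exec", "shell_exec", "system", "passthru",
    "popen", "proc_open", "pcntl_exec",
})


def parse_disable_functions(ini_text):
    """Return the set of function names in the effective disable_functions.

    Assumption: if the directive appears more than once, the last
    uncommented occurrence is treated as the effective one.
    """
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() != "disable_functions":
            continue
        value = value.strip("\"'")
        # PHP function names are case-insensitive; normalise to lower case.
        disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def still_enabled(ini_text, risky=RISKY_FUNCTIONS):
    """Risky functions that the configuration does not disable, sorted."""
    return sorted(risky - parse_disable_functions(ini_text))


# Constructed sample configuration, not taken from any real server.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,system,passthru,shell_exec,popen,proc_open
expose_php = Off
disable_functions = Exec, system ,passthru
"""

if __name__ == "__main__":
    for name in still_enabled(SAMPLE_INI):
        print(f"WARNING: {name}() is not in disable_functions")
```

Run it over every configuration file that `php --ini` lists, since an additional .ini file can also set the directive.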