Hackers Who Breached Php.net Exposed Visitors to Highly Unusual Malware

Eight weeks after hackers compromised the official PHP website and laced it with attack code, outside security researchers have uncovered evidence that some visitors were exposed to malware that’s highly unusual, if not unique.

Israel-based Seculert said about 6,500 computers are infected by DGA.Changer, a malware title whose sole job is to surreptitiously download other malware onto compromised systems. One of five distinct malware types served to visitors of php.net from October 22 to October 24, DGA.Changer employs a novel way of evading detection and takedown attempts. Like previous trojans equipped with domain-generation algorithms, DGA.Changer is able to make on-the-fly changes to the command-and-control (C2) domain names that infected machines contact to send data and receive instructions. That stymies takedown campaigns that simply take control of the C2 domain names. DGA.Changer takes this evasive move one step further by allowing operators to change the algorithm “seed” that generates a specific set of pseudo-random domains.

via Hackers who breached php.net exposed visitors to highly unusual malware | Ars Technica.
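The effect of a seed change on defenders, as an added example that is not from the article or from Seculert: a blocklist precomputed for one seed stops matching once operators push a new seed, while a seed-independent heuristic (many distinct high-entropy NXDOMAIN lookups from one client) still flags the host. `toy_dga` is a constructed stand-in, not DGA.Changer's algorithm; the seeds, client addresses, `.example` names and thresholds are all assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def toy_dga(seed, count=20):
    """Constructed stand-in for a seeded DGA; NOT DGA.Changer's real algorithm."""
    return [hashlib.sha256(f"{seed}:{i}".encode()).hexdigest()[:14] + ".example"
            for i in range(count)]

def label_entropy(domain):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = domain.split(".")[0]
    return -sum(c / len(label) * math.log2(c / len(label))
                for c in Counter(label).values())

def blocklist_hits(queries, blocklist):
    """Queries caught by a list precomputed from one known seed."""
    return [q for q in queries if q in blocklist]

def suspicious_hosts(dns_log, min_nx=5, min_entropy=2.5):
    """Hosts with many distinct high-entropy NXDOMAIN lookups; no seed needed."""
    nx = defaultdict(set)
    for host, domain, rcode in dns_log:
        if rcode == "NXDOMAIN" and label_entropy(domain) >= min_entropy:
            nx[host].add(domain)
    return sorted(h for h, names in nx.items() if len(names) >= min_nx)

def sample_log(seed):
    """Constructed resolver log: (client, queried name, response code)."""
    log = [("10.0.0.5", "www.example", "NOERROR"),
           ("10.0.0.5", "intranet-typo.example", "NXDOMAIN")]
    # Infected client walks the generated list; almost none are registered.
    log += [("10.0.0.7", d, "NXDOMAIN") for d in toy_dga(seed)]
    return log

if __name__ == "__main__":
    blocklist = set(toy_dga("seed-A"))      # built while seed-A was in use
    for seed in ("seed-A", "seed-B"):       # seed-B: operators pushed a new seed
        log = sample_log(seed)
        names = [d for _, d, _ in log]
        print(seed, "blocklist hits:", len(blocklist_hits(names, blocklist)),
              "flagged hosts:", suspicious_hosts(log))
```

The single mistyped lookup from 10.0.0.5 has a high-entropy label but stays under `min_nx`, so requiring both signals keeps ordinary typos from being flagged.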

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholders in relation to the complex issue of cyber warfare. Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world-class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.