Fortinet
Thank you for submitting a sample to Fortinet.
This malformed GIF sample wants to escape the upload file checking process when being uploaded to the PHP web server (such as CVE-2006-6338). The attacker just uploads it as an image file, and the server will accept it. Then, the attacker could execute it through multiple vulnerabilities of the PHP applications, such as Rename and Execute it (CVE-2006-7070) or Execute it directly (CVE-2008-3117).
The sample you submitted will be detected as DATA/PHPEmb.A!exploit in the next update.
Regards,
Kyle
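Kaspersky China
Dear user, hello!
The sample file you reported has no problems. Thank you very much for providing the virus sample to us; with your support we will do better.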
Kaspersky
Hello,
prc.gif_ - Trojan.PHP.Agent.a
New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.
Please quote all when answering.
--
Best regards, Vitaly Butuzov
Virus analyst, Kaspersky Lab.
Sophos
Hi Johnson
thank you for your email. The file prc.gif that you sent to us for analysis is a Trojan, Troj/Phoison-A, further details of which can be found on our web site at
http://www.sophos.com/security/analyses/viruses-and-spyware/trojphoisona.html
and an IDE file that will allow Sophos to detect this is now available on the Databank.
ESET
As such, the file is not malicious -- but the analysis by Fortinet is
correct. Indeed, the file attempts to look like a GIF, most likely as an
attempt to fool AV scanners or filetype-recognition tools. If it is fed
to the PHP interpreter, it displays a few interesting pieces of
information about the server it's running on. That's all, though -- so
I'd classify it as a potentially unsafe application.
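
An upload-side check for the kind of file the Fortinet and ESET replies describe (a GIF signature wrapped around PHP), added here as an example and not taken from any of the vendors' messages. The function names are hypothetical, the sample bytes are constructed, and treating bytes after the GIF trailer as malformed is an assumption of this sketch.

```python
import re

# Matches "<?php" and "<?=". The bare short tag "<?" is left out because that
# two-byte sequence turns up by chance in compressed image data.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

def _skip_sub_blocks(data, pos):
    """Step over a chain of GIF data sub-blocks (size byte + data, 0 ends it)."""
    while data[pos] != 0:          # IndexError here means the file is truncated
        pos += 1 + data[pos]
    return pos + 1

def _color_table_len(packed):
    """Byte length of a colour table announced by a GIF 'packed' field."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def gif_is_well_formed(data):
    """True only if the block structure parses and ends exactly at the trailer."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return False
    pos = 13 + _color_table_len(data[10])
    try:
        while True:
            if data[pos] == 0x3B:                      # trailer
                return pos + 1 == len(data)            # strict: no trailing bytes
            if data[pos] == 0x21:                      # extension: label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:                    # image descriptor
                pos += 10 + _color_table_len(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW code size
            else:
                return False
    except IndexError:
        return False

def inspect_upload(data):
    """Return the reasons to reject a file uploaded as a GIF (empty = none)."""
    reasons = [] if gif_is_well_formed(data) else ["not a well-formed GIF"]
    hit = PHP_TAG.search(data)
    if hit:
        reasons.append(f"PHP open tag at offset {hit.start()}")
    return reasons

# Constructed samples: a minimal 1x1 GIF, and a GIF signature followed by PHP.
VALID_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00\x3b")
FAKE_GIF = b"GIF89a<?php /* constructed placeholder */ ?>"

if __name__ == "__main__":
    for name, blob in (("valid", VALID_GIF), ("fake", FAKE_GIF)):
        print(name, inspect_upload(blob))
```

A PHP tag placed inside a GIF comment extension still parses as a well-formed GIF, so the structure walk and the tag scan are both needed; neither replaces keeping uploaded files out of paths the PHP interpreter will execute.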