PHP virus: PHP.NewWorld

Submitted by: Vinculum

Source: http://www.avx.com/php_newworld.html



So far it seems harmless and only affects c:\Windows, but who still has this directory these days?


MEDINA, Ohio, January 5, 2001 - Central Command, a leading provider of PC anti-virus software and computer security services, and its partners today announced the discovery of PHP.NewWorld, the first virus using the Hypertext Preprocessor (PHP) scripting language.

(..)

"This virus is not dangerous in any kind, but it can be modified to have a very destructive payload and marks a new step towards a new virus generation," said Steven Sundermeier, Product Manager at Central Command, Inc.

(..)

"Because the PHP language is absolutely free, we are anticipating that copycats of this PHP script virus will become prominent and will have much more damaging consequences in the near future," concluded Sundermeier.

PHP.NewWorld is spread in the system when executing an infected script. The spreading method does not allow the virus to leave the infected machine.

Description of PHP.NewWorld:

Name: PHP.NewWorld
Alias: None
Detection included in AVX Professional: 2001-01-05
Spreading method: uses PHP script functions

Description:
PHP.NewWorld looks for .php, .htm, .html or .htt files in the C:\Windows directory. All files found with these extensions will become infected. When a user executes a .php file, the virus body will be executed from an external file and will take full control. In the case that the string "NewWorld.PHP" is identified as already existing, the infection routine will not be launched again. Thus, a file will not get infected twice.

PHP.NewWorld has no activation date. The virus is not able to spread out from the infected system.
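The self-recognition string in the description above doubles as a detection indicator. The following is an added example, not code from Central Command or the original post: a scanner that checks files with the listed extensions in one directory for that string. The function names, the case-insensitive match and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Self-recognition string quoted in the description, lowercased for matching.
# Case-insensitive matching is an assumption of this example.
MARKER = b"newworld.php"
# File types the description says the virus looks for.
EXTENSIONS = (".php", ".htm", ".html", ".htt")


def find_marked_files(root, recursive=False):
    """Return sorted paths under root that have a targeted extension
    and contain the marker string."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not recursive:
            dirnames[:] = []  # the description names a single directory only
        for name in filenames:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            if MARKER in data.lower():
                hits.append(path)
    return sorted(hits)


def build_sample_dir():
    """Create a temp directory of constructed sample files (no real virus code)."""
    root = tempfile.mkdtemp(prefix="newworld_scan_")
    samples = {
        "clean.html": b"<html><body>hello</body></html>",
        "marked.PHP": b"<?php /* constructed sample: NewWorld.PHP */ ?>",
        "marked.htt": b"<html><!-- constructed sample: NEWWORLD.PHP --></html>",
        "notes.txt": b"mentions NewWorld.PHP but is not a targeted file type",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path in find_marked_files(build_sample_dir()):
        print("marker found:", path)
```

A hit only means the string is present, so each reported file still needs manual review before it is treated as infected.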
