PHP Virus

[deenx]

Can a virus be embedded in a PHP code.

[ivan37]

Short answer: Yes

Long answer: By the loose definition of a virus, yes, you can make a PHP script that, for example, will go through every other PHP file on your computer and tack on the virus code to it. In fact, there are 2 viruses that do exactly that. Here is one: http://www.europe.f-secure.com/v-descs/neworld.shtml

The thing is, though, these kinds of things are easy to detect. Just edit your PHP files and look for anything strange that wasn't in there when you made it. It is also nice, because unlike compiled viruses, you can usually pretty easily see what the virus could have or has already done making it easy for cleanup.

[Gobinjf]

Originally posted by deenx
Can a virus be embedded in a PHP code.

In fact, if you mean that "can my computer used as a web client be infected by a PHP virus", the answer is as far as I know no.

PHP is a scripting language that is executed on the server, not on the client. So, no risks for the client.

Jean-Francois

[aarobonob]

keep in mind tho, that php possesses the ability to create html files in a sense. (i think its the writef function? not sure) anyways, that means that any other exploit or "virus" can be coded in php, even perhaps scrambled ina variety of characters and such, so that it will generate a harmful page.