Discovered on: November 9, 2000
Last Updated on: November 13, 2000 0 4:02:47 PM PST
PHP.Pirus is the first virus written in PHP, a server-side
scripting language used for dynamic Web page generation.
The virus searches for .php and .htm files and inserts code to call
itself. The virus executes only on servers with PHP interpreters.
This virus cannot be contracted by simply visiting an infected
Infection length: 718 bytes
Virus definitions: November 13, 2000
Number of infections: 0-49
Number of sites: 0-2
Geographical distribution: Low
Threat containment: Easy
This virus is written in PHP and is contained in a file that is 718
When executed, the virus searches the current directory for files
with .php or .htm extensions. If one of these files is writable, the
virus opens the file to determine if the file is already infected. If the
file is not infected, the virus inserts a line to execute the original
viral file rather than appending itself to the infected file.
The name of the viral file may vary, therefore to properly remove
this threat, one should:
1.Delete the original viral file.
2.Remove the PHP code that loads the viral file from all .php
and .html files.
eg. If the viral file is named "virus.php", then the following code
segment should be deleted from all files in which it is contained: