It did not take long after last week’s phpBB worm to have a new one emulating phpBB’s targeting mean: the Google search engine. “PhpInclude.Worm” is the name of the threat.
This time, it’s not the vulnerabilities of phpBB (known bulletin board administration software) that are exploited, but a security loophole that many php (a common language used to build web applications) based programs might have. If the arguments of the php functions “include()” and “require()” are not checked properly by the program, it could allow malicious code to be executed.
This is mainly targeting web servers and the common computer user should not directly suffer from this. I wonder if Google is going to shut down this worm as well, and how they will handle this growing problem.