ByteVerify trojan on websites and html pages flame.so

cPanel Linux based servers:

Many users are starting to report:
http://securityresponse.symantec.com...yteverify.html

on their websites. At first I thought it was their local system infected, but after further investigation that isn't the case.

PHP appears to have a hole that allows users to overwrite in memory the output of pages where a malicious attacker uploads something similar to flame.so.

This injects code onto user pages through the Apache server. However since it only modifies them in memory, it doesn't have access to modify files on the server, yet...

Had users who get alerts about a virus on their webpage scan their computers with Norton; the computer is clean, it's the page that has the issue. When they download the pages and scan them they're clean because it's only changed in memory, not the raw file.... sneaky.

Watch out guys this one's nasty!
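The post says the file on disk scans clean while the page served by Apache is altered, so one defensive check is to compare the two. The following is an added example, not part of the original post; it applies to static HTML files only, and the function names, sample page and injected iframe are constructed for illustration.

```python
import difflib
import re

# Tags often used to pull in foreign content (assumption for this example).
SUSPICIOUS = re.compile(r"<\s*(script|iframe|applet|object|embed)\b", re.I)

def injected_lines(disk_html: str, served_html: str) -> list:
    """Lines present in the served response but absent from the file on disk."""
    disk = [l.strip() for l in disk_html.splitlines() if l.strip()]
    served = [l.strip() for l in served_html.splitlines() if l.strip()]
    matcher = difflib.SequenceMatcher(a=disk, b=served, autojunk=False)
    added = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            added.extend(served[j1:j2])
    return added

def audit(disk_html: str, served_html: str) -> dict:
    """Summarise differences between the on-disk file and the served page."""
    added = injected_lines(disk_html, served_html)
    return {
        "modified_in_transit": bool(added),
        "added": added,
        "suspicious": [l for l in added if SUSPICIOUS.search(l)],
    }

# Constructed sample: DISK is what a file scan sees, SERVED is what a browser
# receives. In practice DISK would be read from the docroot and SERVED fetched
# over HTTP from the same server (e.g. with urllib.request).
DISK = """<html>
<body>
<h1>Welcome</h1>
</body>
</html>
"""
SERVED = """<html>
<body>
<h1>Welcome</h1>
<iframe src="http://injected.example/" width="0" height="0"></iframe>
</body>
</html>
"""

if __name__ == "__main__":
    report = audit(DISK, SERVED)
    print("modified between disk and client:", report["modified_in_transit"])
    for line in report["suspicious"]:
        print("suspicious added line:", line)
```
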