PHP_SIMPLE_PHP_BLOG_TRAVERSAL_EXPLOIT
Windows
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
TECHNICAL DETAILS
NOTES:
This is the Trend Micro detection for malicious network packets that may manifest any of the following actions:
- Reading of arbitrary files on the remote system
Additional information can be seen in the following site:
The following is the affected software and version:
- Simple Php Blog version 0.3.7c
If your Trend Micro product detects malicious network packets, your system may have malware that sends the network packets. Scan your system with your Trend Micro product to locate the malware. Delete the malware immediately, especially if the detected files came from an untrusted or an unknown source (e.g., a website of doubtful nature).
However, if you have reason to believe that the detected file is non-malicious, you may submit a sample for further analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.
SOLUTION
9.750
NOTES:
Trend Micro advises users to download and apply critical patches upon release by vendors of the affected software. Refrain from using these products until the appropriate patches have been installed.
To get an accurate analysis of your system, Trend Micro recommends downloading and scanning your system using our Trend Micro Anti-Threat Toolkit (ATTK) tool. This tool scans your system and outputs a log file. It helps in investigating suspicious files, processes, and activities in your system.
Refer to the following Trend Micro eSupport page to know more about the tool and to download a version suitable for you:
Office users (OSCE, WFBS)
http://esupport.trendmicro.com/solution/en-us/1059565.aspx
Home users (Titanium)
https://esupport.trendmicro.com/solution/en-us/1059509.aspx
Did this description help? Tell us how we did.