Following the footsteps of MOAB, MOKB, MOBB, the Hardened-PHP Project declares March as the Month of PHP Bugs and promptly publishes three PHP flaws, one of which comes with an exploit to boot:

• PHP Variable Destructor Deep Recursion Stack Overflow
  - destruction of deeply nested PHP arrays can exhaust all available stack leading to remotely triggerable crashes

• PHP Executor Deep Recursion Stack Overflow (CVE-2006-1549)
  - deep recursion of PHP userland code can exhaust all available stack sometimes leading to a remotely triggerable crash

• PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
  - PHP 4 userland code is able to overflow the internal 16bit zval reference counter by creating many references to a variable leading to an exploitable double dtor condition
  - comes with an exploit

The project clarifies that it is not going after bugs in the PHP language itself, rather it aims to divulge flaws and security vulnerabilities in the PHP core, the Zend Engine, and PHP extensions.

Recent variants of RINBOT exploited a vulnerability in Symantec antivirus software. RINBOT emerged in 2006 spawning new variants of RINBOT in mid-February that exploited certain software (including Windows) vulnerabilities. Trend Micro detects the newest Rinbot variants as WORM_RINBOT.F and WORM_RINBOT.E. Both variants exploit an old SQL Server flaw, propagates via network shares, and has backdoor capabilities.

As newer variants emerge, information will be posted in the Trend Micro Virus Encyclopedia. Solutions for cleaning are available in the above links. RINBOT can be blocked by using firewall applications, specifically blocking and restricting outgoing port traffic.

RINBOT does not currently exploit any known vulnerability in any Trend Micro products.