According to Sucuri Security a Web-security company, cyber-criminals are exploiting one unique PHP configuration so they may inject malware into online sites using the hosting services of 24/7 active VPS (Virtual Private Servers), which they already compromised.
The development apparently resulted in a large number of websites getting contaminated with malevolent and invisible iFrames that's reason for much worry.
David Dede, confidence researcher at Sucuri stated that the company was waiting to know the servers under the criminals control, while one special server php.ini details (/etc/php/php.ini) contained an added environment namely ;auto_append_file = "0ff." ARTECH-news.com published this on December 24, 2011.
...
