‘Viral’ Marketing Campaign from Bytware Targets PHP-i5/OS Security
October 15, 2007 Alex Woodie
Is i5/OS susceptible to a PHP virus? According to i5/OS security software vendor Bytware, it very well could be. In any event, System i users should be aware of the security threats posed by enabling PHP on the server, the company says, and that’s why it kicked off a “viral” marketing and educational campaign at the COMMON Focus show in Columbus, Ohio, yesterday.
Bytware’s campaign, which will play out on the Web over the next several weeks, revolves around a story about a financial services company whose System i server is hacked by a crime syndicate in China. While the story is made up, the avenue into the server is a real PHP vulnerability.
The System i community is encouraged to participate as the story unfolds via videos posted to the campaign’s main Web site, www.i5virus.com, as well as on videos posted to YouTube and advertisements run on System i-related Web sites. The campaign is organized as a scavenger hunt, where people must visit certain Web sites to find answers to questions on PHP and i5/OS security and ultimately be asked to solve the mystery. Buttons distributed at this week’s COMMON show in Ohio are also the source of some clues. At the end of the saga, Bytware will select several winners in a drawing. Potential prizes include an Apple iPod, a Nintendo Wii game console, and iTunes gift cards.
The story about the PHP hack and the Chinese crime syndicate is fictional, but it does serve to highlight the very real threat posed by PHP on the System i, says Chris Jones, Bytware’s marketing director and the guy who created the viral marketing campaign.
“The premise in the game is a real vulnerability. Whether it would be easy to exploit, I don’t know,” Jones says. “We want to raise some awareness about PHP security and vulnerabilities. You need to be aware about potential vulnerabilities and make sure that you’ve configured everything properly.”
This is the second such campaign Jones has created for Bytware, a Reno, Nevada-based developer of systems management, security, and anti-virus tools for the i5/OS server. Several years ago, Jones, who lives in Japan, directed the “iSeries Security Caper” that played out in fictional newspapers. In that case, the company was highlighting its newest product, StandGuard Anti Virus, which detects and removes Windows viruses from the System i’s Integrated File System (IFS).
While i5/OS itself is immune from Windows viruses, the IFS can serve as a repository for Windows viruses, and serve to infect and re-infect Windows PCs, even if they’re running antivirus themselves.
The possibility of a PHP vulnerability leading to a virus that could infect i5/OS or the IFS is similar, in some respects, to the known problem of Windows virus infestations on the System i server. The security organization PHP.org lists some 480 known vulnerabilities in the PHP runtime, including the deep recursion stack overflow vulnerability that Bytware is using in its fictional account.
So what’s the payoff for Bytware? While details are scarce at this point, it appears the company is developing some type of security product for the System i that will address the potential problem of PHP viruses infiltrating the system. Whether it’s a new product, or an extension of StandGuard Anti Virus is not known at this point.
In the meantime, it should be fun watching Bytware’s ‘viral’ marketing piece play out over the next few weeks.