"As previously reported by CNET News.com, the flaws
occur in server modules using the PHP Web scripting language. PHP
originally stood for Personal Homepage, but as the language's
functionality increased, the name was changed to PHP: Hypertext
Preprocessor to better reflect its general usage. The language is
widely used among sites built on open-source software and allows
such sites to create Web pages on the fly.
David Dittrich, senior security engineer at the University of
Washington, stressed that while the technical nature of the flaws
would make creating a worm more difficult, the Net is rife with
groups that have the wherewithal and knowledge to pull off the
'It's just a matter of time before someone does a worm,'
Dittrich said, adding that systems administrators who have Web
sites running a flawed version of PHP should patch their version as
soon as possible."