Originally Posted by qlue
PHP scripting seems like a pretty poor way to write malware. If you're going to write malware for Linux, wouldn't it make more sense to use Python which is installed by default in almost every distro? (I'm not really much of a programmer so maybe there's something I just don't understand here?)
I imagine it's down to the vast majority of website software using PHP, and it's convenient that most PHP software is public facing (WordPress, phpBB, etc). I may be wrong, but from what I gather it's looking for flaws in web software (PHP applications), again, convenient if the script is written in PHP also. Once the PHP script is uploaded/injected into another application, it will then try to elevate privileges by scanning for flaws in other software on the local machine (mostly local root exploits). That is the case with most malware scripts anyway.
There's more web software using PHP as the backend than there is Python (generally). Of course, once you get a malicious PHP script onto a Linux box, as you say Python is installed on almost all distros, it could easily contain payloads that are written in Python.