Php.net attack traffic captured by researchers from Barracuda Networks on Tuesday contained a Flash Player exploit, but according to researchers from Trustwave an exploit for the CVE-2013-2551 vulnerability, which affects Internet Explorer versions 6 to 10, was also used. This vulnerability was patched by Microsoft in May.
Kaspersky Lab senior security researcher Fabio Assolini said on Twitter that if successful, the exploits installed a Trojan program called Tepfer.
The Tepfer malware is designed to steal log-in credentials and configuration information from FTP client software, according to an August analysis by researchers from Fortinet.
Many users who visit the php.net website are Web developers, and they are likely to store FTP log-in credentials on their computers for the websites they maintain. Users who believe they might have been compromised as a result of this attack should probably change the log-in credentials stored in their FTP clients.