Over on Dynamically Typed today, there's a new posting concerning the latest worm(s) that seem to be going around - Sanity/Perl.PhpInclude.

Looks like someone's finally got nasty, in writing code which targets potential mistakes people often make with PHP. Although you may be on holiday, recommend giving these some thought at least and, if in doubt, do what Christian as done and take it offline until you've got time to deal with it.

He discusses both, mentioning how they attack, what they can effect, as well as how to get rid of every trace of it left behind.

He wraps it up with a bit about ModSecurity and how it can help to keep things a bit safer in the future...

UPDATE: Leendert Brouwer also submitted a link to explain more about the "Automated Arbitrary File Inclusion" issue.