Linux worm on the loose
Published: 08 Nov 2005 08:55 GMT
A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, antivirus companies warned on Monday.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper".
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.
A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a botnet, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.
The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.
McAfee rates Lupper as low risk. Symantec, which calls the worm "Plupii", rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Centre, which tracks network threats, reports some worm sightings.
Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.
Did you find this article useful?
109 out of 187 people found this useful
- Share this article:
Full Talkback thread
8 comments
-
Use Linux .. it's safe ... LOL Anonymous -
Use Windows it's safer .. ROFL
A single, low... Andrew Meredith -
Bah!
Use a Mac and never have to worry..... Anonymous -
My Linux boxes are safe. But then, I'm not ru... Chris Rankin
-
Occupation: IT Analyst
Comment: Use Linux... pgn
-
Use a Mac? I use an abacus. It gives me... XEQ -
Absolutely NOTHING is safe. There's always annoyin... Anonymous
-
Well, Mr Anonymous (coward), if you use a pro... Andy Cannon
