A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, antivirus companies warned on Monday.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper".
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.
A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a botnet, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.
The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.
McAfee rates Lupper as low risk. Symantec, which calls the worm "Plupii", rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Centre, which tracks network threats, reports some worm sightings.
Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.
Talkback
Use Linux .. it's safe ... LOL
Use Windows it's safer .. ROFL
A single, low distribution, low to medium risk Linux worm vs. how many thousand Windows virii ?!
(Not Anonymous)
My Linux boxes are safe. But then, I'm not running *any* of the three flawed packages. In fact, I'm not sure that any desktop Linux user would be running these packages. And they would need to be running all three buggy packages to be vulnerable to this worm anyway.
I have looked into my crystal ball of the bl**^Wextremely obvious, and predict that this worm isn't going to cause a lot of problems.
Bah!
Use a Mac and never have to worry....
Absolutely NOTHING is safe. There's always annoying criminals constantly finding (or making) security holes in software.
Well, Mr Anonymous (coward), if you use a proprietry piece of software or OS, then the criminals have already got their hands on your system. At least with GNU/Linux, you can see what the code is and what it is doing.
That's why it is called open source, the source code is OPEN for ALL to see. If there are any problems with the code, then it isn't shunted to some little known department for one or two people to work on and produce a patch in months, it is worked on by tens, hundreds or thousands of coders all over the world, who constantly review each other's submissions for holes.
The only pressure they have is to produce good code. No PR people spouting off about the "security" of their product, no marketing people pressuring them to get the product out before it is finished and no project managers cutting corners to get the product out on time while reducing the numbers of coders working on it.
I had a look at the numbers of linux viruses (and worms) out there in a virus database, and I discovered that this worm raises the number of these things on GNU/Linux by 10%. Imagine the uproar if the number of Windows viruses and malware went up by 10% overnight? Now, who is running the more secure systems again???
Occupation: IT Analyst
Comment: Use Linux .. it's safe ... LOL
Well maybe if you bothered to READ the rest of the article you would see IT IS SAFE unlike your AR** wipe windBloZe that has so many holes it defies counting ..
:-) you want to LOL then take a look at M$ Corp now there is a real LOL job
Use a Mac? I use an abacus. It gives me the same number of apps to easily complete my work. Even got two 5-button 'mice' thrown in.