Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
    Digg this story   Add to del.icio.us  
New Linux worm crawls the web
Published: 2005-11-07

A new Linux worm is crawling the web looking for a large number of vulnerable PHP systems and applications. The worm, known as Linux.Plupii (Symantec) or Linux/Lupper.worm (McAfee), is rated as a Category 2 worm by Symantec, while McAfee considers the risk "low." The worm installs a Trojan using wget and the attack allows for arbitrary code execution under the privileges of the web server user.

The worm exploits PHP based vulnerabilities discovered back in June, and affects a large number of PHP web applications that use XML-RPC. The Trojan makes simple requests to web servers running on port 80 and the attack has been well documented by SANS. Unpatched systems are ripe for exploitation. Affected systems will need to be wiped and have the OS reinstalled, in most cases.

The report comes on the heels of a new PHP release that addresses more security issues. Readers are also reminded of the Perl-based Santy worm and its variants as an indication that web-based worms that target Linux and Unix applications are becoming much more commonplace.

Posted by: Kelly Martin
    Digg this story   Add to del.icio.us  
 
Comments Mode:
New Linux worm crawls the web 2005-11-08
Anonymous (3 replies)
Re: New Linux worm crawls the web 2005-11-08
Anonymous
Re: New Linux worm crawls the web 2005-11-09
Anonymous
Re: New Linux worm crawls the web 2005-11-09
Anonymous
New Linux worm crawls the web 2005-11-09
Anonymous
Suggest new title 2005-11-09
Anonymous (1 replies)
Re: Suggest new title 2005-11-10
Anonymous







 

Privacy Statement
Copyright 2008, SecurityFocus