The worm exploits PHP-based vulnerabilities discovered back in June, and affects a large number of PHP web applications that use XML-RPC. The Trojan makes simple requests to web servers running on port 80, and the attack has been well documented by SANS. Unpatched systems are ripe for exploitation. In most cases, affected systems will need to be wiped and have the OS reinstalled.
The report comes on the heels of a new PHP release that addresses more security issues. Readers are also reminded of the Perl-based Santy worm and its variants as an indication that web-based worms that target Linux and Unix applications are becoming much more commonplace.
Posted by: Kelly Martin