Worm attacks Linux systems


Antony Savvas

A new worm is attacking Linux-based systems by taking advantage of security vulnerabilities in web servers.

McAfee calls the worm “Lupper” and Symantec calls it “Plupii”; both, along with other internet security companies, have detected it in the wild.

The worm attacks web servers and tries to execute its payload on servers that are not fully protected against a number of known threats.

A backdoor is installed on infected servers, giving the attacker remote control over the system without the owner of the system knowing.

The server then joins a network of compromised systems which can be used to attack other computers as part of a botnet of “zombie” computers.

The worm exploits three web server vulnerabilities to propagate itself: the XML-RPC for PHP Remote Code Injection vulnerability, the AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability, and the Darryl Burgdorf Webhints Remote Command Execution Vulnerability.

No security patch is available for the last vulnerability, although fixes are available to block the first two threats.

The worm tries to spread itself through UDP port 7222, which is also used to open a backdoor for remote attackers.
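As an added example (not part of the original article or any vendor tooling), a defender can check a Linux host for a socket bound to the UDP port named above by parsing the kernel's `/proc/net/udp` table. The sample table, the function names and the little-endian host assumption are this example's own.

```python
import os
import socket
import struct

LUPPER_UDP_PORT = 7222  # UDP port named in the article (0x1C36)

# Constructed sample in /proc/net/udp format, not captured from a real host.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15012 2 0000000000000000 0
  214: 00000000:1C36 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 90331 2 0000000000000000 0
  377: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 16220 2 0000000000000000 0
"""


def parse_udp_table(text):
    """Yield one dict per socket row of a /proc/net/udp style table."""
    for line in text.splitlines():
        fields = line.split()
        # Socket rows start with a slot number followed by ':'; the header does not.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host (x86/x86-64), where the kernel prints
        # the IPv4 address as a byte-swapped 32-bit hex value.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield {
            "ip": ip,
            "port": int(port_hex, 16),   # ports are printed in hex
            "uid": int(fields[7]),       # owner of the socket
            "inode": int(fields[9]),     # matches socket:[inode] under /proc/<pid>/fd
        }


def find_sockets_on_port(text, port=LUPPER_UDP_PORT):
    """Return every UDP socket in the table whose local port equals `port`."""
    return [row for row in parse_udp_table(text) if row["port"] == port]


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE_PROC_NET_UDP  # fall back to the constructed sample
    for hit in find_sockets_on_port(table):
        print("UDP socket on port %(port)d: ip=%(ip)s uid=%(uid)d inode=%(inode)d" % hit)
```

A match is a lead for investigation rather than proof of infection, since any process can bind this port; the inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to identify the owning process.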

So far the worm has not spread widely, both security companies said, partly because the server vulnerabilities it exploits are widely known, although the SANS internet security institute says it has seen some systems hit already.

If a machine has been infected, Symantec recommends complete reinstallation of the operating system, because it will be difficult to determine what else the computer has been exposed to.
