New worm targets Linux systems

by admin November 8, 2005 at 7:02 am

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned anti-virus companies on Monday in the United States.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm “Lupper.”

Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf’s Webhints Remote Command Execution Vulnerability, according to Symantec’s online description of the worm.

Read more: ZDNet.com.au