New worm targets Linux systems
CNET News.com ^ | November 7, 2005, 5:12 PM PST | Joris Evers

Posted on 11/07/2005 6:00:27 PM PST by Bush2000

By Joris Evers
Staff Writer, CNET News.com
Published: November 7, 2005, 5:12 PM PST

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."


Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.

The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.

McAfee rates Lupper as a low risk. Symantec, which calls the worm Plupii, rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.

Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.


KEYWORDS: flamewarinthemaking; gatesbot2000; linux; paidshill; redmondpayroll; shamelesstroll; shillboy2000; valentilapdog; worm
To: RedBloodedAmerican
Not me, and here's why: Windows Advanced Server 2000, Windows Server 2003 Enterprise Edition.

There's a reason my company's new server will be running either FreeBSD, or Gentoo Linux. That website is the biggest reference why.

I wouldn't want to explain to my boss how someone hacked into our business software and stole the accounting, personal, and various other sensitive records of over $4 Million a year with major companies involved (such as Mohawk, Shaw and Beaulieu Carpets). So I choose security, I choose Open Source.
21 posted on 11/07/2005 7:44:16 PM PST by youngtechster

To: RedBloodedAmerican

You're fired.


22 posted on 11/07/2005 7:45:01 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)

To: youngtechster

Did you read the solutions to those (according to secunia) unpatched problems? Half of them are a joke!

"Solution: Ensure that systems have up-to-date anti-virus and spyware detection software installed"
"Solution: Restrict physical access to vulnerable systems. Disable USB support"
"Solution: Connect only to terminal services over trusted networks"
"Solution: Do not open untrusted ".mdb" database files"
"Solution: Don't view or process untrusted EMF files"
"Solution: Grant only trusted users access to affected systems"
heehee. At the end of each they should put "DUH!"!!!

Rule number one: no network is any more secure than the netadmin makes it, period. No matter what they run. I'll stick with MS. If the router is configured properly, then your boss has no worries in any case.


23 posted on 11/07/2005 8:00:25 PM PST by RedBloodedAmerican

To: Leapfrog

LOL! Mom, I'm gonna get you!


24 posted on 11/07/2005 8:00:55 PM PST by RedBloodedAmerican

To: RedBloodedAmerican
The fact that those vulnerabilities even exist CURRENTLY is the issue.

Also, this 'worm' is an exploit of a vulnerability assessed at the end of June. Most software it affects has been patched already. If web administrators are up2date on their software, they have nothing to fear... the issue was resolved about early-mid July for Drupal (a CMS that I use).
25 posted on 11/07/2005 8:07:36 PM PST by youngtechster

To: A CA Guy
I'm still of the opinion that the reason MS gets most all of the virus attacks is simply because it is what most all use in the world.

That's probably a large part of it. There's also a religious aspect to it, though -- there's lots of folks who hate the infidel Microsoft.

If/as Linux becomes more pervasive, I think there will be many more nasty bugs written for it.

26 posted on 11/07/2005 8:10:57 PM PST by r9etb

Comment #27 Removed by Moderator

To: Bush2000
with their zillions of eyeballs constantly scanning the open source code, Linux can't be targeted by worms and viruses...

Has anyone on this board said this? Or is this just an attempt to misstate the position of people here?

28 posted on 11/08/2005 4:50:23 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Bush2000
Or, alternatively, you're an ABMer zealot

You'll excuse me but the person between the two of you who spends more time and effort to attack an operating system is not Leapfrog so your attempts to smear him as a zealot seem misplaced and somewhat ironic.

29 posted on 11/08/2005 4:55:06 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Bush2000

You realize, of course, that FreeRepublic runs on Linux?


30 posted on 11/08/2005 4:55:18 AM PST by twntaipan (Tagline space for sale or rent.)

To: RedBloodedAmerican

Rule Number 1: Most serious incidents occur from the inside, not outside.


31 posted on 11/08/2005 4:58:53 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: Bush2000
Can somebody please explain why, if Windows Server (pick your version) is so good, at least 3 of MSN.com's web servers are running FreeBSD?

Or can someone explain why Google runs all of its site on Linux?

Or why Yahoo! runs its site on FreeBSD?

32 posted on 11/08/2005 5:04:48 AM PST by twntaipan (Tagline space for sale or rent.)

To: youngtechster

I think your math is a little off.....

Secunia, this site you're so gung-ho on showing us that rips apart the arguments to use Windows Server 2003, and instead use Gentoo Linux....

Windows Server 2003 has 79 vulnerabilities on their site, while Gentoo has over 700!!!!

Seems like someone's not paying attention.

Windows Server 2003 is a very good environment. Period. I challenge you to show me a point where Windows Server 2003 is severely deficient in the product offerings. Not just "well, it's MS, so it has to stink". Not the religious arguments. If you haven't used it, then you need to stop blasting it. It's got a LOT of nice features.

I haven't used the Gentoo Linux build, but from the numbers you've shown, they look like a major danger as opposed to MS.

So, please stop the religious attacks on the MS/Linux wars. It doesn't help your side to post junk like that.

Paul


33 posted on 11/08/2005 6:24:18 AM PST by spacewarp (Visit the American Patriot Party and stay a while. http://www.patriotparty.us)

To: spacewarp
Windows Server 2003 has 79 vulnerabilities on their site, while Gentoo has over 700!!!!

Windows 2003: "Currently, 8 out of 71 Secunia advisories, is marked as "Unpatched" in the Secunia database."

Gentoo: "Currently, 0 out of 746 Secunia advisories, is marked as "Unpatched" in the Secunia database."

Of course, given the differences in the licensing and, more importantly, the packaging of Linux distributions versus how Microsoft does theirs, it's really hard to compare 'Linux' and Windows on a one for shot. But I've seen both camps use Secunia, CERT and other such numbers in a way anyone even close to even tempered on the subject should abhor.

34 posted on 11/08/2005 10:54:41 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: youngtechster
Do you bother to read your own BS? Here's a perfect example: Secunia reports 746 vulnerabilities in Gentoo Linux, compared to 110 for Windows 2000 and 73 for Windows Server 2003. Wanna get 0wn3d? Use Linux. It leads the way in defacements and other server break-ins.
35 posted on 11/08/2005 11:37:28 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

To: N3WBI3

Read for comprehension. Where did I say that?


36 posted on 11/08/2005 11:47:31 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

To: N3WBI3
You'll excuse me but the person between the two of you who spends more time and effort to attack an operating system is not Leapfrog so your attempts to smear him as a zealot seem misplaced and somewhat ironic.

I didn't ask you. Begone.
37 posted on 11/08/2005 11:47:58 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

To: twntaipan
You realize, of course, that FreeRepublic runs on Linux?

No wonder it runs so slowly and has regular downtime...
38 posted on 11/08/2005 11:48:58 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

To: twntaipan
Or can someone explain why Google runs all of its site on Linux? Or why Yahoo! runs its site on FreeBSD?

Sure, they don't want to enrich their competition.
39 posted on 11/08/2005 11:49:44 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

To: Bush2000
So in other words, a bunch of 'linux guys' that are 'your friends' said something that nobody here (at least that you can point to) agrees with. Is that about the point of your post?
40 posted on 11/08/2005 11:50:58 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)