New worm targets Linux systems
CNET News.com ^ | November 7, 2005, 5:12 PM PST | Joris Evers

Posted on 11/07/2005 6:00:27 PM PST by Bush2000

By Joris Evers
Staff Writer, CNET News.com
Published: November 7, 2005, 5:12 PM PST

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."


Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; the AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.

The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.

McAfee rates Lupper as a low risk. Symantec, which calls the worm Plupii, rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.

Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.


KEYWORDS: flamewarinthemaking; gatesbot2000; linux; paidshill; redmondpayroll; shamelesstroll; shillboy2000; valentilapdog; worm
This has to be incorrect. My Linux friends assure me that, with their zillions of eyeballs constantly scanning the open source code, Linux can't be targeted by worms and viruses...
1 posted on 11/07/2005 6:00:28 PM PST by Bush2000
[ Post Reply | Private Reply | View Replies]

To: All
Can somebody please explain why there are always more vulnerabilities found for UNIX/Linux systems than Windows in these bulletins?

http://www.us-cert.gov/cas/bulletins/

This is some kind of mistake, right?
2 posted on 11/07/2005 6:03:40 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

I wonder how long it took Microsoft to write it? ;-)


3 posted on 11/07/2005 6:04:09 PM PST by A CA Guy (God Bless America, God bless and keep safe our fighting men and women.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000

Looks like a web service bug, not the base OS.

Your friends are correct.


4 posted on 11/07/2005 6:05:02 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: A CA Guy

How long MS to write it? Hell. I wonder how long it took Mr. Objective here to find the article?


5 posted on 11/07/2005 6:07:22 PM PST by chronic_loser (Handle provided free of charge as flame bait for the neurally vacant.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: chronic_loser
I'm still of the opinion that the reason MS gets most all of the virus attacks is simply because it is what most all use in the world.

Do you go after the 99.2% or the .8% of the systems?
I think they go where they can affect the most people.

Computers are nothing more than a bunch of magnetized 011010010101010's regarding hard drives, so there really is no protection where there is a will to bust it.
6 posted on 11/07/2005 6:11:54 PM PST by A CA Guy (God Bless America, God bless and keep safe our fighting men and women.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Leapfrog
Looks like a web service bug, not the base OS.

And IIS is only a web server. And IE is only a web browser. And Outlook Express is only an email client ... blah, blah, blah...
7 posted on 11/07/2005 6:12:52 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Bush2000

"vulnerabilities in Web server software is attacking Linux systems"

Yes, it's attacking systems, not some web service.

Wouldn't it be easier and less challenging to write code (worms) to an open source system?


8 posted on 11/07/2005 6:14:08 PM PST by RedBloodedAmerican
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Can somebody please explain why there are always more vulnerabilities found for UNIX

Perhaps because when a problem is found, we fix it right away?

9 posted on 11/07/2005 6:16:23 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 2 | View Replies]

To: RedBloodedAmerican
Wouldn't it be easier and less challenging to write code (worms) to an open source system?

Yes, it would be. But hackers apparently are more interested in targeting systems with enormous market share.
10 posted on 11/07/2005 6:17:17 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Bush2000
blah, blah, blah...

Yes, okay.

11 posted on 11/07/2005 6:18:35 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Leapfrog
Perhaps because when a problem is found, we fix it right away?

Again, why are there more vulnerabilities found in the open source code? If security-through-obscurity doesn't work, then you would expect an equivalent number of vulnerabilities in closed source systems. But that doesn't seem to be happening...
12 posted on 11/07/2005 6:18:49 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Bush2000
But that doesn't seem to be happening...

I disagree. Your OS is not in my server room because it is unreliable. This goes directly to the heart of your "vulnerabilities" argument.

13 posted on 11/07/2005 6:21:14 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Bush2000

BTW, I'm more a Solaris/HP-UX/AIX guy than Linux.


14 posted on 11/07/2005 6:23:46 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Leapfrog
I disagree. Your OS is not in my server room because it is unreliable.

Or, alternatively, you're an ABMer zealot ... This goes directly to the heart of our "vulnerabilities" argument.

Your deployment choice doesn't constitute proof. Try dealing with the issue of vulnerabilities. You know: fact-based reality...
15 posted on 11/07/2005 6:31:44 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Leapfrog
BTW, I'm more a Solaris/HP-UX/AIX guy than Linux.

Ohhhhh, then you're very familiar with vulnerabilities...
16 posted on 11/07/2005 6:32:19 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Bush2000
ABMer zealot

I'm a career Unix Admin, so I'm probably guilty on the ABM thing. However, that opinion is based upon observation.

As to your tagline: Whatever. Linux/BSD/FreeBSD/whatever.
Yes, they are better than the current Microsoft products.

However, they are nowhere near to matching real commercial Unixes.

17 posted on 11/07/2005 6:45:09 PM PST by Michael Goldsberry (an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Bush2000

Unbelievable. You have friends?


18 posted on 11/07/2005 7:20:05 PM PST by FLAMING DEATH (And now, for something completely different: www.donaldlancow.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Leapfrog

Unreliable? I would use Windows 2000 Advanced Server or 2003 Server over anything, any day in a corporate LAN/WAN environment.


19 posted on 11/07/2005 7:33:12 PM PST by RedBloodedAmerican
[ Post Reply | Private Reply | To 13 | View Replies]

To: All
In truth, vulnerabilities are more publicized by the Open Source Software Community (hereafter referred to as OSS). When comparing it to Micro$oft'$ vulnerabilities you are more likely to get a severe downsizing of the actual problem. In other words, they only publicize what they want to admit to.

The best way to get the truth is to go someplace that tracks bug reports on multiple fronts, the best place (IMHO) is Secunia. You'll find that there are multiples of vulnerabilities EVERY DAY reported for OSS, as well as Apple and M$ on occasion. The real key is when you look at the expedience in said vulnerabilities getting fixed, or 'patched'.

Here's a scary thought: Windows XP Professional
Compare the above to this: Gentoo Linux
Kinda scary if you ask me.

Also, to respond to the comment "I'm still of the opinion that the reason MS gets most all of the virus attacks is simply because it is what most all use in the world."

Yes, that's true, BUT even if the world did use OSS as a majority you'd find that many of the bugs that can be exploited are patched within days (if not hours). The reason exploits hit M$'s products so hard is because the bug is found, and M$ does nothing with it for weeks if not months. That is where the strength of OSS comes in.
20 posted on 11/07/2005 7:36:15 PM PST by youngtechster
[ Post Reply | Private Reply | To 6 | View Replies]

