New worm targets Linux systems
CNET News.com | November 7, 2005, 5:12 PM PST | Joris Evers
Posted on 11/07/2005 6:00:27 PM PST by Bush2000
By Joris Evers
Staff Writer, CNET News.com
Published: November 7, 2005, 5:12 PM PST
A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.
A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.
The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.
McAfee rates Lupper as a low risk. Symantec, which calls the worm Plupii, rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.
Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.
KEYWORDS: flamewarinthemaking; gatesbot2000; linux; paidshill; redmondpayroll; shamelesstroll; shillboy2000; valentilapdog; worm
This has to be incorrect. My Linux friends assure me that, with their zillions of eyeballs constantly scanning the open source code, Linux can't be targeted by worms and viruses...
1 posted on 11/07/2005 6:00:28 PM PST by Bush2000
To: All
Can somebody please explain why there are always more vulnerabilities found for UNIX/Linux systems than Windows in these bulletins?
http://www.us-cert.gov/cas/bulletins/
This is some kind of mistake, right?
2 posted on 11/07/2005 6:03:40 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Bush2000
I wonder how long it took Microsoft to write it? ;-)
3 posted on 11/07/2005 6:04:09 PM PST by A CA Guy
(God Bless America, God bless and keep safe our fighting men and women.)
To: Bush2000
Looks like a web service bug, not the base OS.
Your friends are correct.
4 posted on 11/07/2005 6:05:02 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: A CA Guy
How long MS to write it? Hell. I wonder how long it took Mr. Objective here to find the article?
5 posted on 11/07/2005 6:07:22 PM PST by chronic_loser
(Handle provided free of charge as flame bait for the neurally vacant.)
To: chronic_loser
I'm still of the opinion that the reason MS gets most all of the virus attacks is simply because it is what most all use in the world.
Do you go after the 99.2% or the .8% of the systems?
I think they go where they can affect the most people.
Computers are nothing more than a bunch of magnetized 011010010101010's regarding hard drives, so there really is no protection where there is a will to bust it.
6 posted on 11/07/2005 6:11:54 PM PST by A CA Guy
(God Bless America, God bless and keep safe our fighting men and women.)
To: Leapfrog
Looks like a web service bug, not the base OS.
And IIS is only a web server. And IE is only a web browser. And Outlook Express is only an email client ... blah, blah, blah...
7 posted on 11/07/2005 6:12:52 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Bush2000
"vulnerabilities in Web server software is attacking Linux systems"
Yes, it's attacking systems, not some web service.
Wouldn't it be easier and less challenging to write code (worms) to an open source system?
To: Bush2000
Can somebody please explain why there are always more vulnerabilities found for UNIX
Perhaps because when a problem is found, we fix it right away?
9 posted on 11/07/2005 6:16:23 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: RedBloodedAmerican
Wouldn't it be easier and less challenging to write code (worms) to an open source system?
Yes, it would be. But hackers apparently are more interested in targeting systems with enormous market share.
10 posted on 11/07/2005 6:17:17 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Bush2000
blah, blah, blah...
Yes, okay.
11 posted on 11/07/2005 6:18:35 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: Leapfrog
Perhaps because when a problem is found, we fix it right away?
Again, why are there more vulnerabilities found in the open source code? If security-through-obscurity doesn't work, then you would expect an equivalent number of vulnerabilities in closed source systems. But that doesn't seem to be happening...
12 posted on 11/07/2005 6:18:49 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Bush2000
But that doesn't seem to be happening...
I disagree. Your OS is not in my server room because it is unreliable. This goes directly to the heart of your "vulnerabilities" argument.
13 posted on 11/07/2005 6:21:14 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: Bush2000
BTW, I'm more a Solaris/HP-UX/AIX guy than Linux.
14 posted on 11/07/2005 6:23:46 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: Leapfrog
I disagree. Your OS is not in my server room because it is unreliable.
Or, alternatively, you're an ABMer zealot ...
This goes directly to the heart of our "vulnerabilities" argument.
Your deployment choice doesn't constitute proof. Try dealing with the issue of vulnerabilities. You know: fact-based reality...
15 posted on 11/07/2005 6:31:44 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Leapfrog
BTW, I'm more a Solaris/HP-UX/AIX guy than Linux.
Ohhhhh, then you're very familiar with vulnerabilities...
16 posted on 11/07/2005 6:32:19 PM PST by Bush2000
(Linux -- You Get What You Pay For ... (tm)
To: Bush2000
ABMer zealot
I'm a career Unix Admin, so I'm probably guilty on the ABM thing. However, that opinion is based upon observation.
As to your tagline: Whatever. Linux/BSD/FreeBSD/whatever.
Yes, they are better than the current Microsoft products.
However, they are nowhere near to matching real commercial Unixes.
17 posted on 11/07/2005 6:45:09 PM PST by Michael Goldsberry
(an enemy of islam -- Joe Boucher; Leapfrog; Dr.Zoidberg; Lazamataz; ...)
To: Bush2000
Unbelievable. You have friends?
18 posted on 11/07/2005 7:20:05 PM PST by FLAMING DEATH
(And now, for something completely different: www.donaldlancow.com)
To: Leapfrog
Unreliable? I would use Windows 2000 Advanced Server or 2003 Server over anything, any day in a corporate LAN/WAN environment.
To: All
In truth, vulnerabilities are more publicized by the Open Source Software Community (hereafter referred to as OSS). When comparing it to Micro$oft'$ vulnerabilities you are more likely to get a severe downsizing of the actual problem. In other words, they only publicize what they want to admit to.
The best way to get the truth is to go someplace that tracks bug reports on multiple fronts; the best place (IMHO) is Secunia. You'll find that there are multiples of vulnerabilities EVERY DAY reported for OSS, as well as Apple and M$ on occasion. The real key is when you look at the expedience in said vulnerabilities getting fixed, or 'patched'.
Here's a scary thought:
Windows XP Professional
Compare the above to this:
Gentoo Linux
Kinda scary if you ask me.
Also, to respond to the comment "I'm still of the opinion that the reason MS gets most all of the virus attacks is simply because it is what most all use in the world."
Yes, that's true, BUT even if the world did use OSS as a majority you'd find that many of the bugs that can be exploited are patched within days (if not hours). The reason exploits hit M$'s products so hard is because the bug is found, and M$ does nothing with it for weeks if not months. That is where the strength of OSS comes in.