Posted on 11/07/2005 6:00:27 PM PST by Bush2000
New worm targets Linux systems
By Joris Evers
Staff Writer, CNET News.com
Published: November 7, 2005, 5:12 PM PST
A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.
A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.
The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.
McAfee rates Lupper as a low risk. Symantec, which calls the worm Plupii, rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.
Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.
It's an HP laptop. It's kind of ironic, as it states it's "Designed for Windows XP".
Regards, Ivan
Dell/HP. Same thing. You are getting an OS that has been modified with a zillion startup scripts and programs, all selling stuff.
I consider it the same as internet popups. It's really hard to get rid of, and if you change your user login, it starts all over.
You have no particular reason to trust me, but in my experience, installing retail Windows, even upgrading older machines from crap like ME, XP runs fine and boots quickly.
The only slow booters I've seen are from the major manufacturers.
As I remember, the infection came from unpatched clients connecting through the VPN.
Unless you have multiple firewalls with carefully controlled access for VPN users, it's relatively easy to be vulnerable and not even know it.
Establishing a network that is secure from many different infection vectors is complicated and expensive to do properly. Too many places won't or can't do it.
The fact of the matter is, if Windows was designed better, it wouldn't be as big of a problem to secure the network.
I am aware XP is quicker than 2000 - I rebuilt a desktop machine, I bumped up the RAM, put in faster hard drives, and with an OEM distribution of XP Pro SP 2, it runs fine. I did try that same distribution on the laptop - no joy.
I've also tried Live CD distributions of Linux on the desktop - were it not for the money I've invested in Microsoft Office, I would have switched to OpenSuse for the desktop long ago.
Regards, Ivan
So they whine and thrash and spew FUD about Linux. It's pathetic, but understandable.
I haven't yet made the jump to Ubuntu. My Linux servers will likely never get switched, simply because I prefer a full Debian install and Ubuntu is more geared to a desktop.
Since I prefer KDE to Gnome, my next desktop OS will likely be Kubuntu.
If that fails, I'll install XP inside of a VMware virtual machine, set up host-only networking and enable the shared folders.
That gives me the protection of keeping Windows off of the network while allowing me to move documents around using Linux.
I wouldn't use Ubuntu for a server platform, it's more geared for desktop. I'm the opposite to you, I prefer GNOME to KDE. That said, Kubuntu is loaded with eye candy.
I would advise using Opera as the web browser with it - it's just impressively quick.
Regards, Ivan
To each, his own.
At least we have those choices, unlike the poor, lost souls who continue to suck up what Microsoft gives them.
I've just never been able to take a liking to Opera. I always have it installed and use it from time to time, but it just doesn't tickle my fancy.
I've been checking out the new Firefox 1.5 RC2. Impressively fast. Not quite stable enough for full-time use, but I assume that it will be when they ship it for real.