Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

Skip to comments.

New worm targets Linux systems
CNET News.com ^ | November 7, 2005, 5:12 PM PST | Joris Evers

Posted on 11/07/2005 6:00:27 PM PST by Bush2000

New worm targets Linux systems
By Joris Evers
Staff Writer, CNET News.com
Published: November 7, 2005, 5:12 PM PST

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, warned antivirus companies on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."


Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.

The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script, no fixes are available for the script, according to Symantec's DeepSight Alert Services.

McAfee rates Lupper as a low risk. Symantec, which calls the worm Plupii, rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.

Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.


TOPICS:
KEYWORDS: flamewarinthemaking; gatesbot2000; linux; paidshill; redmondpayroll; shamelesstroll; shillboy2000; valentilapdog; worm
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-89 last
To: js1138

It's an HP laptop. It's kind of ironic, as it states it's "Designed for Windows XP".

Regards, Ivan


81 posted on 11/13/2005 2:42:09 AM PST by MadIvan (You underestimate the power of the Dark Side - http://www.sithorder.com/)
[ Post Reply | Private Reply | To 80 | View Replies]

To: MadIvan

Dell/HP. Same thing. You are getting an OS that has been modified with a zillion startup scripts and programs, all selling stuff.

I consider it the same as internet popups. It's really hard to get rid of, and if you change your user login, it starts all over.


82 posted on 11/13/2005 2:45:39 AM PST by js1138 (Great is the power of steady misrepresentation.)
[ Post Reply | Private Reply | To 81 | View Replies]

To: MadIvan

You have no particular reason to trust me, but in my experience, installing retail windows, even upgrading older machines from crap like ME, XP runs fine and boots quickly.

The only slow booters I've seen are from the major manufacturers.


83 posted on 11/13/2005 2:48:24 AM PST by js1138 (Great is the power of steady misrepresentation.)
[ Post Reply | Private Reply | To 81 | View Replies]

To: js1138
I ran a couple of networks during that period. There was nothing that could get through even a simple firewall.

As I remember, the infection came from unpatched clients connecting through the VPN.

Unless you have multiple firewalls with carefully controlled access for VPN users, it's relatively easy to be vulnerable and not even know it.

Establishing a network that is secure from many different infection vectors is complicated and expensive to do properly. Too many places won't or can't do it.

The fact of the matter is, if Windows was designed better, it wouldn't be as big of a problem to secure the network.

84 posted on 11/13/2005 2:49:46 AM PST by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 76 | View Replies]

To: js1138

I am aware XP is quicker than 2000 - I rebuilt a desktop machine, I bumped up the RAM, put in faster hard drives, and with an OEM distribution of XP Pro SP 2, it runs fine. I did try that same distribution on the laptop - no joy.

I've also tried Live CD distributions of Linux on the desktop - was it not for the money I've invested in Microsoft Office, I would have switched to OpenSuse for the desktop long ago.

Regards, Ivan


85 posted on 11/13/2005 2:52:52 AM PST by MadIvan (You underestimate the power of the Dark Side - http://www.sithorder.com/)
[ Post Reply | Private Reply | To 83 | View Replies]

To: MadIvan
Many of them have a vested interest in the Windows platform. They are at risk for losing their jobs when Windows starts to get replaced with a real operating system.

So they whine and thrash and spew FUD about Linux. It's pathetic, but understandable.

I haven't yet made the jump to Ubuntu. My Linux servers will likely never get switched, simply because I prefer a full Debian install and Ubuntu is more geared to a desktop.

Since I prefer KDE to Gnome, my next desktop OS will likely be Kubuntu.

86 posted on 11/13/2005 2:55:23 AM PST by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 77 | View Replies]

To: MadIvan
When I absolutely need to run a Windows app, Crossover Office is what I look to first.

If that fails, I'll install XP inside of a VMWare virtual machine, set up host-only networking and enable the shared folders.

That gives me the protection of keeping Windows off of the network while allowing me to move documents around using Linux.

87 posted on 11/13/2005 2:58:07 AM PST by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 85 | View Replies]

To: Knitebane

I wouldn't use Ubuntu for a server platform, it's more geared for desktop. I'm the opposite to you, I prefer GNOME to KDE. That said, Kubuntu is loaded with eye candy.

I would advise using Opera as the web browser with it - it's just impressively quick.

Regards, Ivan


88 posted on 11/13/2005 2:58:40 AM PST by MadIvan (You underestimate the power of the Dark Side - http://www.sithorder.com/)
[ Post Reply | Private Reply | To 86 | View Replies]

To: MadIvan
I wouldn't use Ubuntu for a server platform, it's more geared for desktop. I'm the opposite to you, I prefer GNOME to KDE. That said, Kubuntu is loaded with eye candy.

To each, his own.

At least we have those choices, unlike the poor, lost souls who continue to suck up what Microsoft gives them.

I've just never been able to take a liking to Opera. I always have it installed and use it from time to time, but it just doesn't tickle my fancy.

I've been checking out the new Firefox 1.5 RC2. Impressively fast. Not quite stable enough for full-time use, but I assume that it will be when they ship it for real.

89 posted on 11/13/2005 3:14:12 AM PST by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 88 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-89 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson