On CNET: Your car could run on sugar and tequila
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack

By Joris Evers, News.com
Posted on ZDNet News: Nov 8, 2005 1:12:00 AM

A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, antivirus companies warned on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."

Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm.

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.

The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm.

The XML-RPC flaw affects blogging, wiki and content management software and was discovered earlier this year. Patches are available for most systems. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script, according to Symantec's DeepSight Alert Services.

McAfee rates Lupper as low risk. Symantec, which calls the worm "Plupii," rates it medium risk, but notes that the worm has not been widely distributed. The SANS Internet Storm Center, which tracks network threats, reports some worm sightings.

Symantec and McAfee have updated their products to protect against the worm. If a system has been infected, Symantec recommends complete reinstallation of the system because it will be difficult to determine what else the computer has been exposed to, the company said.

  • Talkback
  • Most Recent of 281 Talkback(s)
Well...
--- QUOTE ---
Bah! What a crude way to berate Linux. At least they should have given us it a decent0-Win worms compatible- name-> Rawlog@L32 is my suggestion.
--- QUOTE ---

What the he... (Read the rest)
Posted by: Twey Posted on: 05/16/06 You are currently: Logged In | Log out
Welcome to the Real World! just^me   | 11/07/05
How's that, again? Yen_z   | 11/07/05
You're in Denial... just^me   | 11/08/05
Nonsense Yen_z   | 11/08/05
Welcome, New Linux FanBoy, Yen PMC-CON   | 11/08/05
In other words... Yen_z   | 11/08/05
OK, fine, Linux is better Too Old For IT   | 11/08/05
Erm... Twey   | 05/16/06
DId I Say I Was A System Admin? PMC-CON   | 11/08/05
too_old... linuxoverwindows   | 11/08/05
Time for a reality check chum Cayble   | 11/12/05
What are you talking about... just^me   | 11/08/05
You're in Denial! just^me   | 11/08/05
You know who the worst Sys Admins are? Yen_z   | 11/08/05
This Linux Vulnerability from Missing Patches PMC-CON   | 11/08/05
Wrong. Yen_z   | 11/08/05
Hmm, I recall that the FireFox Web Site Was Hacked ... PMC-CON   | 11/08/05
And You Of Course Can Harden Windows ... PMC-CON   | 11/08/05
In Truth, ANY Published API/VM Can Be Abused PMC-CON   | 11/08/05
PMC, you really are a con, aren't you. The King's Servant   | 11/08/05
King's Servant -- What King Is That Anyway? PMC-CON   | 11/08/05
FireFox Prompt PMC-CON   | 11/08/05
You cannot disown... The King's Servant   | 11/08/05
You're Psycho... just^me   | 11/08/05
Firefox belkorin   | 11/10/05
Microsoft Security sabayer   | 11/08/05
I hear you! just^me   | 11/08/05
finally a balanced view mdsmedia   | 11/09/05
finally a balanced view mdsmedia   | 11/09/05
Again, you're high! just^me   | 11/08/05
Well again D-Ram   | 11/09/05
Explain Yourself Cayble   | 11/12/05
And still... Yen_z   | 11/08/05
What Was That One Pertinent Question, Anyway PMC-CON   | 11/08/05
LOL D-Ram   | 11/09/05
Don't bother lengua99   | 11/19/05
It might suprise you to know that ... ShadeTree   | 11/08/05
MS windows WISHED its ONLY problems were michael_t   | 11/07/05
Who Said Only... just^me   | 11/08/05
I DO AGREE on the accountability michael_t   | 11/08/05
And that is fine but... just^me   | 11/08/05
Play now, pay later; later is NOW .... michael_t   | 11/08/05
There is a joke in all this. jolumoar   | 11/09/05
ROLFMAO!! Loverock Davidson   | 11/07/05
How did I miss this one?! Sabz5150   | 11/07/05
Don't laugh too hard, when it happens again and again Boot_Agnostic   | 11/08/05
I don't understand how a worm could be funny duclod   | 11/08/05
It's funny Loverock Davidson   | 11/08/05
funny lobo79   | 11/08/05
Funny MrsGorilla_z   | 11/08/05
How many times do people have to be corrected on that myth? The King's Servant   | 11/08/05
Perhaps MrsGorilla_z   | 11/08/05
Sorry, for being so harsh. The King's Servant   | 11/08/05
Web Servers Gen-X_z   | 11/10/05
No, not really uno@...   | 11/08/05
"Just as vulnerable?" Twey   | 05/16/06
When did who say that? The King's Servant   | 11/08/05
One of the rare times I'll do your homework for you Loverock Davidson   | 11/08/05
You know, LD, I brought that on myself ;-) The King's Servant   | 11/08/05
not worried linuxoverwindows   | 11/08/05
ROLFMAO????? raelalt   | 11/08/05
ROFLMAO - Definition theoldman59@...   | 11/08/05
ROLFiing with MAO raelalt   | 11/08/05
Dude, it's a joke. Sxooter_z   | 11/08/05
Uh oh, someone can't handle reality Loverock Davidson   | 11/08/05
Reality??? horusfalcon   | 11/08/05
Reality Loverock Davidson   | 11/08/05
Nice attack on a straw man there Sxooter_z   | 11/08/05
much like most windows vulns have patches weeks or months bef a worm hits novaflare   | 11/08/05
Typical non-sensical opening comment LD mdsmedia   | 11/09/05
Maybe Loverock Davidson   | 11/09/05
ROLFMAO!! jolumoar   | 11/09/05
New worm targets Linux systems Loverock Davidson   | 11/07/05
Not too bad Sabz5150   | 11/07/05
Melissa JohnRoche   | 11/08/05
Code Red chaser rapt0r   | 11/08/05
there a small difference toxicfreak   | 11/08/05
Crow taste!?! yourkiddingright   | 11/08/05
Do you make up BS as you go along Loverock Davidson   | 11/08/05
Remind me again... mdielmann   | 11/08/05
Code red Loverock Davidson   | 11/08/05
after was the point sabayer   | 11/08/05
I do use Windoze, everyday in fact yourkiddingright   | 11/08/05
I don't think you do Loverock Davidson   | 11/08/05
No actually I do yourkiddingright   | 11/08/05
Should I go on L~rock? BSD Secure?, you should get out more! yourkiddingright   | 11/08/05
Getting desperate? Loverock Davidson   | 11/08/05
actually that was from two googles, if you want more. yourkiddingright   | 11/08/05
16 out of 17 ... yourkiddingright   | 11/08/05
Does this mean Loverock Davidson   | 11/08/05
Bottom line - Nothing is secure vabello   | 11/09/05
Interestingly Yagotta B. Kidding   | 11/08/05
Very interestingly Loverock Davidson   | 11/08/05
OHH and WinSux FANBOYS do??? mdsmedia   | 11/09/05
A new name? Loverock Davidson   | 11/09/05
Shill... jasonp@...   | 11/08/05
Yes you are Loverock Davidson   | 11/08/05
Loverock = MS Zealot mdsmedia   | 11/09/05
Loverock dddd_z   | 11/08/05
New worm targets Linux systems Sabz5150   | 11/07/05
Keep lying to yourself. I know you can do it. osreinstall   | 11/07/05
Eww, osreinstall, you sound like a Rockhead clone. Judas I.   | 11/07/05
Just working over a linux neophite. osreinstall   | 11/07/05
Working ME over? Sabz5150   | 11/07/05
It will be over soon. Don't worry. osreinstall   | 11/07/05
along with that idea... BlinkMM182   | 11/07/05
Win2000 server not Win98! osreinstall   | 11/07/05
Cool CobraA1   | 11/08/05
It's OK cut him some slack. They only let him use the michael_t   | 11/07/05
Sounds like experience talking there Johnny. osreinstall   | 11/07/05
I'll go ahead and reply directly just for kicks Sabz5150   | 11/07/05
You do realize there is no discussion besides MS vs Linux on ZDNet. osreinstall   | 11/07/05
hah White_Tech_Guy   | 11/07/05
Hey, drink a beer. No one is perfect. osreinstall   | 11/07/05
No security? yourkiddingright   | 11/08/05
It is the Administrator stupid! osreinstall   | 11/08/05
Yet another reason NOT to use an insecure bloated OS like Linux Loverock Davidson   | 11/07/05
Neither do I Sabz5150   | 11/07/05
Maybe it was MS Commandos or the Republican Guard. osreinstall   | 11/07/05
Oh, you're just as fun as Rockie is Sabz5150   | 11/07/05
Speaking of limitations osreinstall   | 11/07/05
I have no idea Sabz5150   | 11/07/05
Like I said, a few handfull. osreinstall   | 11/07/05
Count them on one hand??? yourkiddingright   | 11/08/05
Talking about useful apps. osreinstall   | 11/08/05
Card File came out in 1985... yourkiddingright   | 11/08/05
Mine has a stamp date of 1991-1992 under properties. osreinstall   | 11/08/05
... or *BSD, or Solaris, or ... Yagotta B. Kidding   | 11/08/05
Worms a reason not to use? jasonp@...   | 11/08/05
Indicative of the latest MS OS ~ Vista ~ yourkiddingright   | 11/08/05
Worms a reason not to use? jasonp@...   | 11/08/05
Yup. My Solaris8 searves me well. Ahmed303   | 11/08/05
Which is of course why the BSD's are affected too. mobrien_12@...   | 11/08/05
bloated? lurking   | 11/08/05
And do the same with linux Loverock Davidson   | 11/08/05
Whatever CobraA1   | 11/09/05
Why do BSD users boast that they are invulnerable? The King's Servant   | 11/08/05
Sad sad day mobrien_12@...   | 11/08/05
Whats sad about it? Loverock Davidson   | 11/09/05
Doomsday strikes Linux again! Loverock Davidson   | 11/07/05
This is fun!!! Sabz5150   | 11/07/05
Whole OS? node357   | 11/07/05
Wrong Loverock Davidson   | 11/08/05
BSD Expert Jadal   | 11/08/05
Depends Loverock Davidson   | 11/08/05
GNU Is Complete node357   | 11/08/05
Well that explains it Loverock Davidson   | 11/09/05
Loverock = Illiterate node357   | 11/09/05
Friends shouldn't let you smoke crack! yourkiddingright   | 11/08/05
Doomsday strikes both Linux and BSD B.O.F.H.   | 11/08/05
Doomsday strikes Linux again! schoolfieldd   | 11/08/05
Doomsday strikes Linux again! Loverock Davidson   | 11/08/05
Neither of them are Windows (nt) Sabz5150   | 11/08/05
Weekly reboots ??? kelkins@...   | 11/10/05
News Flash!!!! Rico   | 11/08/05
As a (mostly) Window's kind of guy mdemuth   | 11/07/05
A noble interjection on this forum Boot_Agnostic   | 11/08/05
Agreed, except ... Too Old For IT   | 11/08/05
unfortunately, these days they are coding something "useful" mobrien_12@...   | 11/09/05
POOR LINSUX JUST LIKE A BIG MAC ATTACK internet11   | 11/07/05
forgive loverock stormdoor   | 11/07/05
Hey, Rockhead, rather than responding to each and ... Judas I.   | 11/07/05
indeed =) White_Tech_Guy   | 11/07/05
Yes... OK... No thanks Jadal   | 11/08/05
LOL Loverock Davidson   | 11/08/05
As you LOL, Rockhead, just remember: Judas I.   | 11/08/05
History Loverock Davidson   | 11/08/05
Correct, history will repeat itself and ... Judas I.   | 11/08/05
Sounds like a server bug ... not Linux wackoae   | 11/07/05
don't pose facts man Monkey_MCSE   | 11/07/05
Message has been deleted. Sabz5150   | 11/07/05
Nope. Sorry. vdraken   | 11/08/05
Ok, it WAS a flaw. yourkiddingright   | 11/08/05
I'm thinking you need a hobby Monkey_MCSE   | 11/08/05
No. It is a PHP on <your OS here> flaw! The King's Servant   | 11/08/05
Server bug? LOL bammike   | 11/08/05
Look at the McAfee site again. RTFoolishA The King's Servant   | 11/08/05
And as expected Loverock Davidson   | 11/07/05
On