It seems what everybody knew all along but were smug with the knowledge that it had not happened on Linux yet has occured. CNet News writes that a new worm targeting Linux systems has been spreading around the net. This worm named Lupper, propagates by exploiting vulnerabilities in web server software (read apache and php) on Linux.
Salient features of the Lupper worm
- Blindly attacks web servers, installing and executing a copy of the worm when a vulnerable server is found.
- Installs a backdoor on the infected servers, giving the attacker remote control over the system.
- The worm exploits 3 vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability - what ever that means.
- Apply all the latest patches to your kernel.
- Update your webserver (apache), PHP, AWStats (log analyser tool if you have one) to include the latest bug fixes.
- Run an anti-virus program on your machine. Read my previous post on ClamAV - The free Anti Virus solution for Windows on Linux.
- Use an open-source intrusion detection and prevention system like Snort.
No comments:
Post a Comment