Today on DiscHQ: Tony Hawk Underground 2 Cheats, Fire Emblem Release Date, and Geist - Control Your Dog Bowl
« Nokia Ships Linux Powered Internet Tablet
Linus Torvalds Cracks Down on Kernel Developers »

Linux Lupper Worm Found in the Wild

Bookmark on del.icio.us or Furl
paxil to help with gut problems nexium and potassium usues for cipro actos mg requip restless leg syndrome melatonin immune system zoloft withdrawls accutane use in adults pros and cons premarin tegritol seroquel augmentin side effects rash breast augmentation information breast augmentation breast cure premature ejaculation exercises what are side affects of lisinopril wellbutrin cymbalta side effects allegra aparments in wa west germay produced human growth hormone seroma after breast augmentation coumadin rash renal insuffiency edema lasix zaroxolyn cirrhosis bad effects from levaquin prednisone azathiaprine does nexium turn the stool black picture of lamictal drug rash crestor dosage two 20mg recreational drug viagra cymbalta lactation enhance study vytorin and zetia high off claritin viagra soft tab actos promotion hgh fda paxil no prescrition can i take celebrex and advil hgh overdose mag 3 lasix renogram too much augmentin reaction to stop taking diovan hct cipro stoney creek flonase problems extended use class action lawsuit for lipitor cardura usage in bph motrin maximum dose synthroid and hypertension seroquel antipsychotic drug elavil for tremors celebrex vsw catalog celebrex online magnesium calcium carbonate cipro drug interaction how to get off paxil

McAfee has posted details on a relatively new Linux Worm that has been found in the wild. Called Linux / Lupper.worm, this is a variant of the Linux / Slapper and BSD / Scalper worms and it propagates using the same methods as these worms.

The worm spreads by infecting Web Servers that are hosting vulnerable PHP and CGI Scripts, most notably the XMLRPC PHP Library used by many CMS and Blogging platforms and the AWStats Log Analyzer Script. Infected servers scan for other vulnerable machines and attempt to spread the worm by sending malicious http requests to port 80. If another server is found running one of the vulnerable scripts, then an attempt is made to downoad the worm to this server and execute it.

This is just another good reason why all Linux Web Servers should be running some sort of outbound firewall protection — similar to a Zonealarm or other personal firewall. Most web servers (Linux or not) are setup to blindly allow all outbound traffic on any port. There are scripts out there for Linux — I’m not sure about other operating systems — that are relatively easy to install and will allow you to specify which outbound traffic to allow and block and log all other traffic. It would be much more difficult for these worms to spread if something like this was setup on the web server. Even better is to also check the application that the traffic is originating from — but I don’t know if there is anything for Linux Web Servers like this available.

Technorati Tags: , ,

If you liked this article, buy me a beer!

Related Posts

This entry was posted on Wednesday, November 9th, 2005 at 7:13 pm and is filed under Linux News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply