Symantec Researchers Warn of New Linux Worm

For many of us who run Linux, one of the attractions of doing so is being relatively free of security threats and malware. Every once in a while, though, a notable threat does target Linux, and Symantec researchers have issued an advisory warning of a new worm that targets not only Linux-based computers but also many kinds of devices that run Linux, including some routers and set-top boxes.

The worm, Linux.Darlloz, exploits a PHP vulnerability to propagate itself. According to security researcher Kaoru Hayashi:

"The worm utilizes the PHP ‘php-cgi’ Information Disclosure Vulnerability (CVE-2012-1823), which is an old vulnerability that was patched in May 2012. The attacker recently created the worm based on the Proof of Concept (PoC) code released in late Oct 2013."

"Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel

Read more at OSTATIC
