Text
NOVEMBER 08, 2005 (IDG NEWS SERVICE) - A worm that affects Linux systems and spreads by exploiting Web server-related vulnerabilities has been reported by antivirus companies, but so far Linux.Plupii, which is also known as Lupper, hasn?t spread much and isn?t seen as much of a threat.
The worm spreads by exploiting Web servers hosting vulnerable PHP/CGI programming language scripts, according to McAfee Inc. The worm is a derivative of the Linux/Slapper and BSD/Scalper worms from which it has taken its propagation strategy, McAfee said in information provided on its Web site.
The worm, discovered Sunday, attacks Web servers by sending malicious HTTP requests on Port 80, McAfee said. If the server being targeted is running a vulnerable script at certain URLs and is configured to permit external shell commands and remote file download in PHP/CGI, the worm could be downloaded and executed, McAfee said. It can also harvest e-mail addresses stored in Web server files.
The worm opens a back door on a compromised computer and then generates URLs to scan for other computers to infect and that can affect network performance, according to information from Symantec Corp.
NOVEMBER 08, 2005 (IDG NEWS SERVICE) - A worm that affects Linux systems and spreads by exploiting Web server-related vulnerabilities has been reported by antivirus companies, but so far Linux.Plupii, which is also known as Lupper, hasn?t spread much and isn?t seen as much of a threat.
The worm spreads by exploiting Web servers hosting vulnerable PHP/CGI programming language scripts, according to McAfee Inc. The worm is a derivative of the Linux/Slapper and BSD/Scalper worms from which it has taken its propagation strategy, McAfee said in information provided on its Web site.
The worm, discovered Sunday, attacks Web servers by sending malicious HTTP requests on Port 80, McAfee said. If the server being targeted is running a vulnerable script at certain URLs and is configured to permit external shell commands and remote file download in PHP/CGI, the worm could be downloaded and executed, McAfee said. It can also harvest e-mail addresses stored in Web server files.
The worm opens a back door on a compromised computer and then generates URLs to scan for other computers to infect and that can affect network performance, according to information from Symantec Corp.