TulipTools Internet Business Owners and Online Sellers Community

Full Version: Linux Worm Targets PHP XML-RPC Vulnerability in WordPress, b2evolution,PostNuke
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Quote:We have received a few reports on an attack exploiting xml-rpc for php vulnerability.

xml-rpc for php is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. When exploited, this could compromise a vulnerable system. Most of these packages should have xml-rpc for php vulnerability fixed in the latest version. If you are still running an old version, you should get it updated immediately.

From the submitted logs, it attempts to wget a remote access Trojan from one system and using the Trojan to try to connect to another site via port 8080.


full article: http://isc.sans.org/diary.php?storyid=823

A full list of the scripts, operating systems and php versions that are at risk is available here:

http://www.securityfocus.com/bid/14088/info
Another article on the Linux Lupper trojan

Quote:A new worm that propagates by exploiting security vulnerabilities in Web server software is attacking Linux systems, antivirus companies warned on Monday.

The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper".

Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found...

A backdoor is installed on infected servers, giving the attacker remote control over the system. The server joins a botnet...

full article: http://news.zdnet.co.uk/software/linuxun...921,00.htm

It might be advisable to check that list of vulnerable applications in the first post and install patches if any of your scripts are at riskĀ  Smile