nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Linux worm targets PHP flaw

DON'T PANIC

By John Leyden, 7 Nov 2005

Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems.

XML-RPC for PHP features in many web application including PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. Most of these applications have been updated to address the security flaw.

But unpatched systems are at risk from a Linux worm - called Lupper - which exploits the bug to load itself onto vulnerable systems. Anti-virus firms report few reports of the malware which is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than its risk factor, which is low.

SAN's Internet Storm Centre has a comprehensive technical description of the threat (such as it is) here. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing