Dear List, A strange worm is going around the web. It attacks some vulnerabilities in PHP. >From http://www.securityfocus.com/brief/38?ref=rss cut+paste here ===================================================== A new Linux worm is crawling the web looking for a large number of vulnerable PHP systems and applications. The worm, known as Linux.Plupii (Symantec) or Linux/Lupper.worm (McAfee), is rated as a Category 2 worm by Symantec, while McAfee considers the risk "low." The worm installs a Trojan using wget and the attack allows for arbitrary code execution under the privileges of the web server user. The worm exploits PHP based vulnerabilities discovered back in June, and affects a large number of PHP web applications that use XML-RPC. The Trojan makes simple requests to web servers running on port 80 and the attack has been well documented by SANS. Unpatched systems are ripe for exploitation. Affected systems will need to be wiped and have the OS reinstalled, in most cases. The report comes on the heels of a new PHP release that addresses more security issues. Readers are also reminded of the Perl-based Santy worm and its variants as an indication that web-based worms that target Linux and Unix applications are becoming much more commonplace. ===================================================== what can we do to escape the threat of this worm. Does it need root priviledge? I am asking this because it is an eminent danger and how to secure our pcs. Thanks, Antonio __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
