Article title: Penguin encounters a worm: Lupper variant targets Linux
A new worm has started to target Linux systems by exploiting Web server flaws. Several anti-virus vendors have reported that the worm, known as Lupper-A, leaves a backdoor on the infected machine to facilitate intrusion and steals email addresses from the Web server.
At present, Lupper does not appear to be spreading rapidly. However, because Linux systems are attacked by viruses far less often than Windows systems, the incident has drawn the attention of network security experts.
Lupper spreads through vulnerable PHP/CGI scripts on Web servers, according to McAfee of Santa Clara, Calif. "It is derived from the Linux/Slapper and BSD/Scalper worms and inherits features from those two," McAfee said in an advisory. "The worm sends an HTTP request to port 80 to attack the Web server. If the server hosts one of the targeted scripts and, in addition, remote files can be downloaded in the PHP/CGI environment, a copy of the worm will be downloaded and executed."
McAfee said that machines infected by Lupper form a peer-to-peer network. Because that network accepts remote commands, it can be used to carry out distributed denial-of-service (DDoS) attacks or for other purposes. In addition, the new worm can steal email addresses stored on Web servers.
In its own advisory, Computer Associates, of Islandia, pointed out that Lupper can also open a UDP backdoor on port 7111 that lets a remote attacker control the machine.
Symantec, of Cupertino, named the worm Linux.Plupii and concluded that once the worm file is executed, it performs the following operations:
Send a notification to the remote attacker through UDP port 7222.
Open a backdoor on UDP port 7222 to allow remote attackers to access the computer.
Generate a series of encoded URLs.
Send HTTP requests to those URLs and try to exploit weaknesses in PHP XML-RPC, AWStats, and Darryl Burgdorf's Webhints in order to propagate further.
Try to execute a copy of itself obtained from the URL [http://]62.101.193.244/[REMOVED]/lupii and save the downloaded file as /tmp/lupii.
Symantec described further details and the vulnerabilities the worm exploits in its virus bulletin.
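The host-side indicators named in these reports (UDP ports 7111 and 7222, and the file /tmp/lupii) can be checked directly on a Linux server. The following triage script is an added example, not code from any of the vendors quoted; the sample socket table is constructed, and the function names are chosen for illustration.

```python
import os

# Indicators taken from the vendor reports quoted in this article.
BACKDOOR_UDP_PORTS = {7111, 7222}
DROPPED_FILE = "/tmp/lupii"

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  120: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15210 2 0000000000000000 0
  233: 00000000:1C36 00000000:0000 07 00000000:00000000 00:00000000 00000000    33        0 48211 2 0000000000000000 0
  301: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 17002 2 0000000000000000 0
"""

def bound_udp_sockets(proc_text):
    """Yield (port, uid, inode) for each socket row in /proc/net/udp[6] text."""
    for line in proc_text.splitlines():
        fields = line.split()
        # Skip the header and any short or malformed row.
        if len(fields) < 10 or not fields[0].rstrip(":").isdigit():
            continue
        # local_address is HEXADDR:HEXPORT; rsplit also copes with udp6 rows.
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7]), int(fields[9])

def lupper_indicators(proc_text, file_exists=os.path.exists):
    """Return human-readable findings for the indicators listed above."""
    findings = []
    for port, uid, inode in bound_udp_sockets(proc_text):
        if port in BACKDOOR_UDP_PORTS:
            findings.append(f"UDP port {port} bound (uid {uid}, inode {inode})")
    if file_exists(DROPPED_FILE):
        findings.append(f"{DROPPED_FILE} present")
    return findings

if __name__ == "__main__":
    results = []
    for path in ("/proc/net/udp", "/proc/net/udp6"):
        try:
            with open(path) as fh:
                results.extend(lupper_indicators(fh.read(), lambda p: False))
        except OSError:
            pass  # table not available on this system
    if os.path.exists(DROPPED_FILE):
        results.append(f"{DROPPED_FILE} present")
    print("\n".join(results) or "no Lupper indicators found")
```

A hit is a lead for further investigation: the uid and inode identify which account and process own the socket, and a listener owned by the Web server account is the case that matches the infection path described here.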
As anti-virus companies were turning their attention to Lupper, the Danish vulnerability clearinghouse Secunia announced a warning about another Linux flaw:
The Linux-ftpd-ssl flaw results from the FTP server's unsafe use of the 'vsprintf()' function when building replies to FTP client requests. According to Secunia, once the output exceeds 2,048 bytes, this causes a stack-based buffer overflow. The flaw can be triggered by creating a series of subdirectories with long names and then issuing the 'xpwd' command, whose reply then exceeds 2,048 bytes and overflows the buffer.