Tuesday, 21 February 2006

Linux Worm Turns On Mambo and PHP

Security experts today warned of a Linux network worm that exploits holes in the Mambo content management system and the PHP XML-RPC library. Dubbed Mare.D, the worm leaves multiple backdoors on infected systems. Two of these are connectback shell backdoors that link to a remote host, while a third allows the malware's writer to access and control infected systems via IRC.

"The main component of the Mare.D worm is written in C and compiled with the GNU C compiler," said F-Secure researcher Gergely Erdelyi.

The worm scans for vulnerable systems automatically and installs a small shell script which downloads the rest of the malware.

The vulnerabilities in Mambo and the PHP XML-RPC library are both rated as 'highly critical' by vulnerability testing group Secunia, but patches are available for both.