Lupper Worm Targets Linux Systems

A worm that affects Linux systems and spreads by exploiting Webserver-related vulnerabilities has been reported by antiviruscompanies, but so far Linux.Plupii, which is also known as Lupper,hasn’t spread much and isn’t seen as much of a threat.

The worm spreads by exploiting Web servers hosting vulnerable PHP/CGIprogramming language scripts, according to McAfee Inc. The worm is aderivative of the Linux/Slapper and BSD/Scalper worms from which it hastaken its propagation strategy, McAfee said in information provided onits Web site about the worm, which was discovered Sunday.

The worm attacks Web servers by sending malicious HTTP (HypertextTransfer Protocol) requests on port 80, McAfee said. If the serverbeing targeted is running a vulnerable script at certain URLs (UniformResource Locators) and is configured to permit external shell commandsand remote file download in PHP/CGI the worm could be downloaded andexecuted, McAfee said. It can also harvest e-mail addresses stored inWeb server files.

The worm opens a back door on a compromised computer and then generatesURLs to scan for other computers to infect and that can affect networkperformance, Symantec Corp. said.

Symantec rates the worm as having a medium damage and distributionthreat. As of Tuesday morning, it hadn’t spread much and Symantec saidit is easy both to contain and remove. McAfee assessed it as a lowthreat for both corporate and home users.

Linux users should update antivirus software and patches to protectagainst the worm, the companies said. Information about the worm can befound at McAfee’s Web site, https://vil.nai.com/vil/content/v_136821.htm, and at Symantec’s site, https://securityresponse.symantec.com/avcenter/venc/data/linux.plupii.html.

By Nancy Weil – IDG News Service (Boston Bureau)