Why Do Cool Kids Chose PHP to Build Websites?

PHP Developer's Journal

Subscribe to PHP Developer's Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get PHP Developer's Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


PHP Authors: Hovhannes Avoyan, AppDynamics Blog, Trevor Parsons, Andreas Grabner, Harald Zeitlhofer

Related Topics: PHP Developer's Journal

PHP: Article

McAfee Identifies "Lupper" Linux Worm

But Variant of "Slapper" and "Scalper" Given Low Risk Assessment

Security software company McAfee has identified the so-called "Lupper" worm, which attacks Linux-based servers and is a probable variant of the previous Linux/Slapper and BSD/Scalper worms. The new variant is now being detected as Linux/Lupper.worm.a . A separate strand of the worm exhibiting identical behavior has been detected as Linux/Lupper.worm.b .

The Lupper worm variants spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed, according to McAfee.

Symptoms of the worm's presence are:

Presence of one or more the following files
* /tmp/lupii
* /tmp/listen
* /tmp/update.listen
* /tmp/listen.log

One or more of the following ports are listening/sending:
* UDP 7111
* UDP 7222
* UDP 27015
* UDP 25555

McAfee has given the worm a low risk assessment and says, "AVERT recommends to always use latest DATs and engine . This threat will be cleaned if you have this combination."

More Stories By Linux News Desk

SYS-CON's Linux News Desk gathers stories, analysis, and information from around the Linux world and synthesizes them into an easy to digest format for IT/IS managers and other business decision-makers.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
LinuxWorld News Desk 11/11/05 05:56:25 PM EST

The Lupper worm variants spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. At least one variant has been identified as a modified derivative of the Linux/Slapper and BSD/Scalper worms from which it inherits its propagation strategy, according to McAfee.