Mare.D attacks the Mambo content management system

F-Secure is warning about 'network worm' Mare.D targets vulnerabilities in Content Management System (CMS) Mambo and XML-RPC PHP library (this is The code library for PHP programmers allows procedures to run between multiple computers with different operating systems.

Interface of Mambo CMS system

F-Secure said the Mare.D worm installed some backdoor ports on the infected system (and would harm it if the system ran Mambo open source CMS or XML-RPC PHP library).

Two of these back ports are of the ' connectback shell backdoor ' type, named " cb " and " ping.txt ". These two back ports connect to the remote computer via port 8080. The third back port is written in Perl language and controlled by IRC (Internet Relay Chat). The main component of the listening worm of commands at port 27015 of UDP (User Datagram Protocol) protocol.

Secunia said, this vulnerability affects PHP XML-RPC version 1.1 and earlier versions. The company advises users to upgrade the PHP XML-RPC library to version 1.1.1.

On his website, Mambo said he had released fixes for versions 4.5.3 and 4.5.3h. Users can download these fixes from http://www.mamboserver.com/. Mambo also recommends that users upgrade their software if they have previous versions of 4.5.3.

A consultant from Sophos said, they still haven't seen any customers complaining about the Mare.D worm.