New worm hacked Linux via PHP application

Picture 1 of New worm hacked Linux via PHP application Security experts yesterday warned users about a new computer worm that attacks Linux systems by exploiting security holes in a PHP application.

Deep application Mare.D takes advantage of the exploitation here is open source software Mambo content management system and PHP XML-RPC library.

If a successful break into the Mare.D worm system is capable of opening many ports - for example, the two "connectback shell" ports associated with another remote server or the following three ports allow the author of the malware This has access and control of the system through IRC channels.

" Mare.D worm is programmed in C language on the basis of the GNU C programming application ," said Gergely Erdelyi, a researcher with security firm F-Secure.

Mare.D is also equipped with the ability to automatically scan for other security holes on the infected system and install other small self-executing scripts for downloading other malicious software.

Security holes in Mambo and PHP XML-RPC library are all classified as "Extremely dangerous". However, so far no patch has been fixed.