Security experts warned users yesterday about a new computer worm that specifically targets Linux systems by exploiting a security vulnerability in a PHP application.
The Mare.D worm exploits the open-source content management system Mambo and the PHP XML-RPC library.
If it successfully infiltrates a system, the Mare.D worm can open numerous backdoors, such as two “connectback shell” ports that link to remote servers, or three additional ports that allow the malware's author to access and control the system via an IRC channel.
“The Mare.D worm is programmed in the C language on the GNU C application programming platform,” said Gergely Erdelyi, a research expert from F-Secure.
Mare.D is also equipped with the ability to automatically scan for other security vulnerabilities on the infected system and install small executable code snippets to facilitate the downloading of additional malware.
The vulnerabilities in Mambo and the PHP XML-RPC library are classified as “Extremely Dangerous.” However, to date, no patches have been released to address these issues.