F-Secure Warns of the Mare.D Network Worm Targeting Vulnerabilities in Mambo CMS and PHP XML-RPC Library
F-Secure has reported that the Mare.D worm installs several backdoors on the systems it infects. Systems running the open-source Mambo Content Management System (CMS) or the PHP XML-RPC library are at risk.
Two of these backdoors are classified as "connectback shell backdoors" and are named "cb" and "ping.txt". These backdoors connect to a remote computer via port 8080. The third backdoor is written in Perl and is controlled via Internet Relay Chat (IRC). The main component of the worm listens for commands on port 27015 using the User Datagram Protocol (UDP).
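A triage check built from the ports and file names above, as an added example that is not F-Secure's code or part of the original article: it scans a constructed `ss -tunap`-style socket listing for a UDP socket on port 27015, established TCP connections to remote port 8080, and processes named `cb` or `ping.txt`. Reading "via port 8080" as the remote port, and the process names matching the backdoor file names, are assumptions.

```python
import re

# Indicators taken from the article text.
UDP_COMMAND_PORT = 27015          # worm's main component listens here (UDP)
CONNECTBACK_PORT = 8080           # assumed to be the remote port of the connect-back shells
BACKDOOR_NAMES = {"cb", "ping.txt"}

# Constructed sample in the column layout of `ss -tunap` (not captured data).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
udp   UNCONN 0      0      0.0.0.0:27015       0.0.0.0:*           users:(("httpd",pid=4121,fd=5))
tcp   ESTAB  0      0      192.0.2.10:51544    198.51.100.7:8080   users:(("cb",pid=4130,fd=3))
tcp   LISTEN 0      128    0.0.0.0:80          0.0.0.0:*           users:(("httpd",pid=900,fd=4))
tcp   ESTAB  0      0      192.0.2.10:80       203.0.113.5:40112   users:(("httpd",pid=901,fd=9))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*           users:(("dhclient",pid=512,fd=6))
"""

def port_of(endpoint):
    """Return the port from 'addr:port' (also '[::]:80'); None when it is '*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def scan(ss_output):
    """Return (rule, process, endpoint) tuples for sockets matching the indicators."""
    findings = []
    for line in ss_output.splitlines():
        f = line.split(None, 6)
        if len(f) < 6 or f[0] not in ("tcp", "udp"):
            continue                       # header or unrelated line
        proto, state, local, peer = f[0], f[1], f[4], f[5]
        proc = re.search(r'\(\("([^"]+)"', f[6]) if len(f) > 6 else None
        name = proc.group(1) if proc else "?"
        if proto == "udp" and port_of(local) == UDP_COMMAND_PORT:
            findings.append(("udp-listener-27015", name, local))
        # Port 8080 is also used by ordinary proxies: treat a hit as a lead to check.
        if proto == "tcp" and state == "ESTAB" and port_of(peer) == CONNECTBACK_PORT:
            findings.append(("outbound-tcp-8080", name, peer))
        if name in BACKDOOR_NAMES:
            findings.append(("backdoor-process-name", name, peer))
    return findings

if __name__ == "__main__":
    for rule, name, endpoint in scan(SAMPLE):
        print(f"{rule:24} process={name:10} endpoint={endpoint}")
```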
Secunia has indicated that the PHP XML-RPC vulnerability affects version 1.1 and earlier of the library. The company recommends that users upgrade the PHP XML-RPC library to version 1.1.1.
On its website, Mambo has announced that it has released patches for versions 4.5.3 and 4.5.3h. Users can download these patches from http://www.mamboserver.com/. Mambo also advises users to upgrade their software if they are running any versions prior to 4.5.3.
A consultant from Sophos stated that they have not yet encountered any customer complaints regarding the Mare.D worm.