A new worm that attacks Linux systems and exploits several vulnerabilities in the operating system has been reported, and security firms are urging caution among users.
The worm has been dubbed "Lupper" by antivirus firm McAfee and "Plupii" by Symantec. Threat levels range from low to medium risk among security companies, mainly because the worm has not been distributed widely.
Although its threat rating is low, the worm is being watched for its potential to hurt Linux systems. It installs a backdoor on infected servers, which then can be exploited to create a network of systems that can launch attacks on other computers.
According to McAfee, the worm spreads by exploiting Web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Slapper and Scalper worms, which targeted Linux and BSD, respectively.
The worm blindly attacks Web servers by sending malicious HTTP requests on port 80, McAfee noted in its advisory.
"If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed," the advisory states.
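The two preconditions in the advisory can be checked on a server's own PHP configuration. The Python below is an added example, not code from McAfee's advisory or this article; it assumes the preconditions map to PHP's `disable_functions` and `allow_url_fopen` directives, the list of process-spawning functions is an assumed selection, and both sample configurations are constructed.

```python
# Added example: audit php.ini text for the two preconditions in the advisory.
# Assumption: "external shell commands" maps to PHP's process-spawning functions
# and "remote file download" maps to the allow_url_fopen directive.
SHELL_FUNCS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
PHP_DEFAULTS = {"allow_url_fopen": "1", "disable_functions": ""}  # PHP built-in defaults
TRUTHY = {"1", "on", "true", "yes"}


def parse_ini(text):
    """Return the effective directives; the last assignment of a name wins."""
    settings = dict(PHP_DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Report which of the two preconditions the configuration leaves open."""
    cfg = parse_ini(text)
    disabled = {f.strip() for f in cfg["disable_functions"].split(",") if f.strip()}
    callable_shell = sorted(SHELL_FUNCS - disabled)
    remote_fetch = cfg["allow_url_fopen"].lower() in TRUTHY
    return {
        "shell_functions_callable": callable_shell,
        "remote_fetch_enabled": remote_fetch,
        "both_preconditions_met": bool(callable_shell) and remote_fetch,
    }


# Constructed sample configurations (not taken from any real host).
PERMISSIVE = "[PHP]\nallow_url_fopen = On\ndisable_functions =\n"
HARDENED = (
    "[PHP]\n"
    "; URL wrappers off, process-spawning functions disabled\n"
    "allow_url_fopen = Off\n"
    "disable_functions = exec,system,passthru,shell_exec,popen,proc_open\n"
)

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name, audit(text))
```

A configuration that disables only some of the functions is reported with the ones still callable, so a partial lockdown is not mistaken for a complete one.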
Similar to Slapper and Scalper, the new worm creates a network of compromised servers based on peer-to-peer principles. This network could be used for denial-of-service attacks, McAfee warned.
Symantec and McAfee have updated their products to provide some protection, but Secunia security researcher Thomas Kristensen noted that because the vulnerability is in the library of many products, users of third-party applications might not know they are at risk.
"Users should be less concerned if the application they're using is from a Linux distributor, because they have patches available," said Kristensen. "But with third-party vendors, users might not know about the problem until they read about it."
The vulnerabilities being exploited are somewhat complicated to patch, he added. "Users should be careful to make sure they're protected by going to security sites and looking at the different components involved here."