
Author Topic: New Linux Virus - Linux.Darlloz  (Read 3960 times)


Jithin

  • Guest
New Linux Virus - Linux.Darlloz
« on: November 29, 2013, 05:12:53 pm »
Hi Guys,

Hope you guys have heard about this new Linux worm called Linux.Darlloz.

The new worm, which was named Linux.Darlloz, is based on proof-of-concept code released in late October, the Symantec researchers said in a blog post.
"Upon execution, the worm generates IP [Internet Protocol] addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability," the Symantec researchers explained. "If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target."

According to security researchers from Symantec, the worm spreads by exploiting a vulnerability in php-cgi, a component that allows PHP to run in the Common Gateway Interface (CGI) configuration.

More details about this worm are given below.

Discovered: November 26, 2013
Updated: November 28, 2013 12:43:59 AM
Type: Worm
Infection Length: Varies
Systems Affected: Linux
CVE References: CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336
Linux.Darlloz is a worm that spreads to vulnerable systems by exploiting the PHP 'php-cgi' Information Disclosure Vulnerability (CVE-2012-1823).

Threat Assessment
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Medium
Deletes Files: Deletes files.
Distribution
Distribution Level: Low
« Last Edit: December 01, 2013, 03:45:34 pm by =J!TH!N= »
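For admins who want to check whether their web servers have received requests of the kind described above, here is an added detection example (not part of the original post or of Symantec's write-up). It relies on the known mechanics of CVE-2012-1823: php-cgi treats a query string with no unencoded "=" as command-line arguments, so a query whose first decoded character is "-" is suspect. The Apache combined log format, the sample log lines, the paths and the function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request field of an Apache combined-format log line (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: documentation-range IPs, made-up paths and switches.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Nov/2013:17:01:12 +0000] '
    '"POST /app/info.php?%2Dexample+placeholder%3Dvalue HTTP/1.1" 200 512',
    '192.0.2.10 - - [29/Nov/2013:17:01:13 +0000] '
    '"GET /index.php?page=-1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [29/Nov/2013:17:01:14 +0000] '
    '"GET /index.php?-placeholder HTTP/1.1" 200 900',
    '192.0.2.11 - - [29/Nov/2013:17:01:15 +0000] '
    '"GET /search.php?q=%2Dverbose HTTP/1.1" 200 300',
    '192.0.2.12 - - [29/Nov/2013:17:01:16 +0000] '
    '"GET /index.php HTTP/1.1" 200 100',
]

def is_cgi_arg_query(query):
    """True when php-cgi would read the raw query string as switches."""
    # Only a query with no unencoded '=' is handed over as arguments, so the
    # test is on the raw string: an encoded %3D does not make it safe.
    if not query or "=" in query:
        return False
    # Decode, skip leading whitespace, then look for a leading dash.
    return unquote(query).lstrip().startswith("-")

def scan(lines):
    """Return (client_ip, method, path) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        path, _, query = m.group("target").partition("?")
        if is_cgi_arg_query(query):
            hits.append((line.split()[0], m.group("method"), path))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a request arrived; whether the host was affected depends on whether PHP runs as CGI there and on its patch level.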