Internet ne'er do wells have created a Linux worm which uses a recently discovered vulnerability (http://secunia.com/advisories/15852) in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems. The Mare-D (http://www.f-secure.com/v-descs/mare_d.shtml) worm also tries to take advantage of a security flaw (http://secunia.com/advisories/14337) in Mambo to spread. If successful, the worm installs an IRC-controlled backdoor on compromised systems.

Most affected applications have been updated to address the security flaw exploited by Mare-D, which anti-virus firms rate as a low risk. The malware is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than the minimal threat is poses. ®

Related stories

• Month of PHP bugs project launches (5 March 2007)

  http://www.channelregister.co.uk/2007/03/05/month_of_php_bugs/

• PHP security under scrutiny (21 December 2006)

  http://www.channelregister.co.uk/2006/12/21/php_security_scrutinised/

• X marks the bug (3 May 2006)

  http://www.channelregister.co.uk/2006/05/03/x11/

• Homeland Security report tracks down rogue open source code (3 March 2006)

  http://www.channelregister.co.uk/2006/03/03/open_source_safety_report/

• Open source ID management puts users in control (28 February 2006)

  http://www.channelregister.co.uk/2006/02/28/higgins/

• Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)

  http://www.channelregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/

• Anatomy of a failed virus attack (6 December 2005)

  http://www.channelregister.co.uk/2005/12/06/failed_virus_attack/

• Red Hat holes less severe than Windows - study (27 July 2005)

  http://www.theregister.co.uk/2005/07/27/red_hat_security/

• Hackers plot to create massive botnet (3 June 2005)

  http://www.channelregister.co.uk/2005/06/03/malware_blitz/

• MySQL worm attacks Windows servers (28 January 2005)

  http://www.theregister.co.uk/2005/01/28/mysql_worm/