[ILUG] serious linux worm on the loose

I haven’t seen this hit the mainstream press, or slashdot or anywhere yet. It could be some obvious hole missed while configuring these Red Hat 7.3 boxes but I’m worried. 8 Red Hat 7.3 boxes were broken into and rooted. John doesn’t know how they were cracked, almost missed it but thinks it might be a worm mentioned in Phrack a while back..
I checked my own Red Hat 7.3 boxes and they appear to be fine but given the nature of the worm, it won’t be easy to find without shutting down first.

Author: Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

2 thoughts on “[ILUG] serious linux worm on the loose”

  1. As John mentioned in his mail, some were up to date RH7.3 boxes, some weren’t. He doesn’t know how the boxes were infected, although the Phrack article mentions a vulnerability in PHP. Another weblog bemoaned Red Hat for not updating their PHP rpms so that could be related..

Leave a Reply