Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Is This the Dawn of the Linux Worms?



 By: Larry Seltzer
2005-11-08
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: The Luppi worm is blazing a trail with great potential for attackers. We might learn a lot about how secure Linux systems are in the next few months.

Over the weekend reports began to filter in of a new network worm that focused on a variety of vulnerabilities in products typically found in Linux-based Web servers.

Its been tagged by many as a Linux problem, and is, in a practical sense, although most of the vulnerabilities arent strictly Linux issues.

So far theres no evidence its a serious real-world problem, although the Internet Storm Center has been reporting that they are seeing multiple variants of it circulating around the net.

IBM and Red Hat are teaming to deliver secure Linux. Read more here.

Most anti-virus companies and researchers are focusing on what is probably the most significant vulnerability attacked by the worm, the XML-RPC for PHP Remote Code Injection vulnerability.

Resource Library:
The others at issue are the AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability and the Darryl Burgdorf Webhints Remote Command Execution Vulnerability, both less common than PHP.

Click here to read more about Linux security issues, which were the focus at LinuxWorld 2005.

While the authors are clearly still feeling their way around, theres no reason to believe that this will be a real biggie. But if someone writes a well-designed grab bag worm to exploit the various bugs in PHP and other products common on Linux servers, we could have a problem on our hands.

Administrators of these systems dont always feel the pressure to apply updates as frantically as Windows admins. Complicating the problem is the fact that Linux distributors like Red Hat can take months to issue their own versions of updates.

On the other side of the equation, outfits like FrSIRT are working hard to get exploit code out there for vulnerabilities on Linux as well as Windows. Consider this Linux exploit; its over six months old, but I bet there are still plenty of vulnerable systems out there.

There are many ways that administrators can protect themselves, for instance by using an open-source intrusion detection and prevention system like Snort. Of course, even systems like this have their own vulnerabilities and exploits.

And once a system gets infected, things can get pretty hairy. Consider Symantecs recommendations in its write-up: "Unless you can be absolutely sure that malicious activity has not been performed on the computer, we recommend completely reinstalling the operating system."

The bottom line is that if attackers start going after these less-attacked vulnerabilities with the same gusto they exhibit on Microsoft vulnerability day each month (Happy Second Tuesday, everyone!) then at least some of the problem will translate over to the Linux world.

Things cant get as bad as they are on Windows in part because the biggest problem in securing a system is getting the user to do it, and Linux admins are more likely to be aware of the need to do this than the average schmoe running Windows.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Still, its as condescending to over-assume the competence of Linux users as it is to under-assume the competence of Windows users, and there are no doubt still plenty of Linux systems out there that are misconfigured and running old, vulnerable versions of applications.

The fact that there havent been many major efforts at creating Linux worms isnt proof that they are impossible. I think well find out just how hard they are to write in the next few months if the people behind Luppi keep trying.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Is This the Dawn of the Linux Worms?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


x}v㶒s{̎Sj^-c[ޖΜYZI)l3yu~|n|tfI BP(!{I">0pS|jxΤ~HR}g͛އ{skUQ!}PQ2Ġ建>uٵAz:|8 \?A[Y|4 H؎MEnY [پ ׍ۑL!z8E$NXyo~c>1C xz`:v-2谖A\eYf42ۜMٰnZ,hE˅ҁR8+{8e2ݭQkk\)(U? ׷th_Abu>[_8sD8W[YHM~c/DbJ|ud"A 1l9 : P%ݨopA )ZU+.f1Sd>XIC/YTU9@f9j5'򳹥ym^_]:Mm]>ߘecfy3岦?BJg3D~3 /W7'77˓MIcAVL=B'}: OɗV:'^=:$=L,rG=jiT$5qUxyd$YIrֽ8't=M% $>sܽ/Rx374o(ƀL8oZujgt0kKPx۬170_迦]-s a4Z@u&h)5?&`ƚb.L2oՔ¾ TQ%嗋m|*(If(;=^6_"ʥac^IcFs^ 4,j 8އ.כEsLt];x;{T?m6'sվEioǫuw#洋вnGI9QM}sQ+b1x+EYT r*WL Fm!S[ö@ .S:ԧV}4|0 ZC>ޏĭ Ivi(|I8hƋMrnMrӇ!Lga;^h.[ pŀ00'wkLP#AтMx>;Tَ(??6 ; G`p&;xk90%о}a>qjQ]*3<)Ч>7}`Nt&Ԡ>Ԇ.q<ʜK) D@$H}Ft"AђF *4 g3#X"C"'G3`[X;.V\,y"M':ΝSŇbx&,R,BV-KᗄPf%i2m`Ʋń(VFN&Qea*0pRx5Rn,`o JUJTIoBs84 03uq=ր4` [N@Nt0iH\U}N`9y= !v8%3t0fXfZ1kN`LaǺ@32iӆ4$rTDh < I8퍝{lzƐ]2 G08-ncys3tWNn~|CrTfЬ||=厬m4@>|zS.ZuΩJJ&k2H\g2)*[hs< 9:[,M7)\QYbҾ_)XScX`D>DoL(^HIRЙj!@9zѧl):[V[J7˪J"$l }ooaXZ @-ſEi-d[|aa2E]Q\BKHD@CR)Ե s~ɰC /0<:Bb&^ddhQ iÍ*c#=|söVoUwLYZsX)Z9R{5>k断,0!.(2n( ,)lVCax5Zzǎ As,t\OX\|m0Tϣ(a!w1 N( >Fװ DؚZQ{gm1Jhx#e\8XbO`f.#Všc&°s\\ˆ=~5d>n6 'L[!B D+ه0`M E5[E6R^-":0iTҗJ^Ucϒak@Lf2,gre9 'jYg$ Ei."0i$p=c,|IVtxOF ;E: . ZA ЏzBr^aj D"TJe `nR@;kRUԓtp -ނäHL!2BSݧ=1g匬L3 { d+|S{ZIUjA-8Y+0yOoSO@H.5=g8ޗ89w쾻&F?󧟔m큩ܦ[pCs.SK1c6# ,co0+fW#S@)WHF(`0]( h3sT͜Z/YQSlfca "8&7>jVj8v7dݤ/Hɘ-qV}Y=w7䊢-?݀ޭlF'FA\=>< `QtEa*NiLHYT9BRkEBZG ?cqe@xgص`L )Ĩ5U)T*~eM['5^,mhDQXi^{p ';pLjg y+즬h+sJbOW2ED3yxjC鳨OiD?Y`b&T~\yRglg^a+oU9e:a'A /#UIV:#ݸ/&ȫ"}kPcw(* xg4s&DcC6VNMFvpm"z'ثD>$g;}'D`sI*%f΁MOJy0=+@" #f.S_5 _֧.3&nq,Oң#OPzQrZ!*jvݘ}$.JSO(NnTB9_VJBЛgQC.'y/Ӛ lZv_AKkpo= -2j>uR:̖K%4e3/-CX?ٿjwZV00VYE+Ea珅%<4ԺnQ*9o]6$1nJ`.'HN8om48T6MFEG:Ky6P ` bT1J/ԟRJMQV=#ijqπQAQ):*9Q;_akѷo)Aߐ>O1Ok7tEh[(+hLVdsJ; Yc~:)}@OMN9˙^%i^;g5o ?"HtSkԛC26jG \(<c6?G0 ch9!!J B"0oBO. [7tKb TtJ!SBt 02H PV,O&e=lI1 iKBih%bbVHRosոܜ6<1ަmƙBƗȚGX ;[ .ViH0_Ӹ\b趎D XY+o-yRb}YGJ^KjpVKU^N4@8 =Na.z+vuϏem_'L=OZ'M{q?I8t2Ti\'SX2w;ѺB ~nϦyv$smC'رD~zv`g蚳 o. cg-;oCĆ#wBjkQD=%7&`q*hcݮK"S Á3M!'mryyMgQW;$tN vpߋ§  ;s]#g䜉q+njf5e)t7qv^{;iNinmUZyZ J}~l't2D(j9]f{w}Ȫ̅S.;ى~g#S^q:-< &n^%3 =яki^x̠t8 u1{KB?{U@{~-ˤa]f+*w}s7ZE)]K\v^hr;D%ydO>^jZѬ5Y ^DVΧA#<ngI&vd@SIqp~vnwcJljl 4QbhL9oj٢h_5d6 Z;a2*|Z"Zybao1֢ IM1XQ|9L8:ip*9_Po.i{\naa0^e="3^,qlĨe[06,_gii?q45V،SLs栦b~}X`ˤ~[X'G\/_bimgk~cL/HHUz/X0bd\s1({ ĞHS{9.)%vrw+hϤީp! @< ;Ӄl*_gryn+@mpdX8:c <`#f0 ۠?MQNe畐ߋ|>9sLbNJU/ˆ![I8X2-3Ue".C\Džzg:! Ȝ k &- P.3$,.D'+>řs3/f? 렫+:KϜ{, i2Pq <z 9NS^>8V 1(^8=zkQ^TR?4iYl.U _p&,ǝ*5X(ǻ"OȢ,Ilv+1UfNY%Nw`n/Uj1ο4}K+R1"$wey6oyB&rDyd,ԴJՔhbp8^)&/ LsQ0_\pn(-+kjp՟r 7 )sk>P`@ FA~tLb& dWb?bPQ1T=$LzvRC0ܙMt`aC?.8D2AinZ}Ϲ}\(jŢ,U *? a80o#@$1@\&E&ǻ,MY+Y_}"~9O{o8l}URUI%ܭaCl(MƼEz}m=fdhzS_ҴRRc` XD§:Zi#BG{Zإ)_]rU)Hd> cd>&.ڄSB 0bA |mlU~a}mVQTEҊFgYz';Sk u0-`a"ز' ސŃJe͔ƀK0$'s$Nп% sR۫-)k_5/htMQ~pQX#д8 ŤRPV1_J[ @x ȉ+Z Q _BR=!c>ECQlnHs"߸C Eb2-M¥ݯ+ݐP9M_:X(_rgtKi 5,F!€ =}+d W{^ nKԷ|aCv)|aP y ABZ`{D%Wp/uLtzL[ݘ;[>` $K8دOI@ϣJYn;*zD4cǣ4𥏰XjB %00 uYHL ϶$Wu ;3LԁU`&9`W:?+_ӷ6/⥽^Fx{Q}9nq.m|W˯aY@{51 qg)!Zp6P]oހ^<=G&!YL~$0&«s݀5Pi/5n;*yg(eDURo|֊[NۛiΞCm%\k:ͨ4$}c-12]+f?v b* n'٫Y06Yl /Lqìfo>_`c\7n2m}o߿ۉ`!ߛ턗¤뛴'O|oK+o[D:!pS/{?^o7c$H|m"'E<^vDQ8()F5tPwpo?- N! ŢWĺ'.kjc!O4#|.cIAw7,G?P9E=яv> *9E *96isbbFyA y!Fvw;Kb+naJ7{$qPVkkK , k{"JY"'"KIH^XB+pD]bi@ c{(h#8<iLʃxZz[1lsϩTh,vxVȥ+pL1S%|?ZiE]L1xy[ݏ̀+5fL7P;qU6'0HuPjѝX UP+$405A0i1]hs|YM13цX50zfDZGav̈́W|W@O[jk1qY4Yձě-ݾ]怏<5<mQNa=b,Ml7w$nSJĦw~6տ4,\ d<LπTfYw=jhD֤Jd i_%_.OU+ETT9=LuW9ZєV)`{dEʆ;24Wk^#>=g`z9Ekɽv=/=yRMݳf1p\\* EL>O& LtxZڊ|Lk?H~K1}mi%`\z1߾Zۍ r;C6j.SʞAH+_a᷍lshٓOR:q^aci*qwM[,{=yJMh>#Ծ3=F+{^l9z.z{ɰ̎mYqlΉ04%nc茜n>M<::Iǥ4 ?R)!7~m+sY h#nO5QC9W>`O_ňR>dD9moxӸeiL(tD!1 \”cЍBaUfwܠ~˺*ڟO5н`7{qBdod}exxKqJ{"vH۶ v8ĎeFw.zC.yeTW}!Fw_ 6b^Za>IG^!>x #b2zސ>9#XD aIm{7R[ $y?DD% QylhM6;aHC9S&2>CCߑ7uM}FG/CO} gAnj @Nxl0W =; wC9–3\vcf+ Z؟0>gGpV%A1Hvw֨5o~(Jԭ5'Ч枩hU-1Șh MQ ҖHxDmr|ttf$!"fma@IF$y bx 6)S^OBnKmGv늉1Js\-uB@ebqzr9<+D:dW@Q:EU 7T,G,(I*eIL)!H0Znj`:xIg- .E.[q[ jcܕѭQ~&ib,9ǥnldaQ(b8KMu߇3,ȏ$nNK 9B$P!%h$bcx=9A~ebdaz~X׻ce/( p {@Ka1c~Pob$4+ >)y>gٕa)XUʗFy|?^fI3Uqӄ^I+L^ / PHZ  WuGf}`fmoi%WWi4uI::׭n}I<5m--R%:GOOu벛|j5<ח6/*v(P^6.NRʉ`Q{ĵ,e5*y^%Lqx&EIﶺPJTٌ51o 0LL,7NNZq YW'>;tɱ3XuY8m:Fx9j0C-S܄qP "v.i_63Фo%ukה 忮) ƚ6ה#wW Nkʏxu)t }X]~Z['zdM9ZgZkd?w֔O0/֌bM/:@ߋ5\bM/?/D\ˏPqM)cM_)\3 ?kr۠kOK{~ZW՚OY]忬.a }ʡ#@ͺrߛ5{߬if %:IZ3Ayc5pvsb ź Oa uy賒kV~-2j KLk_u{ )̭L_[WBX\jzr+n /dmNtZi8Ӯ5nXO G{1>2ybzHL+gل@CX{#uO啄'NW|4C\]N9b}+r>VDV*q&R2#s"qǾJsdžȾ>q-LfD4+[HO8ѭeybARX-c#]nL((G@Kn9䵂#r75idp[~|^ϋ9y}³2ٱylϣxBo2Q*K5ýE4oq` f}d17w>`Y.U~8#^yĞ^ ewxd餖g,}Tq8 j9qYu8%7o,R |@Y8'}p)h5z=C9jhN_i{N|3rXgX&HƝRA j~r\TۑN0lFODd>1jJ]N-JAP,.g /(@#غ7M{%}Ch9=q̐ga1V1 !/޺chd>Mk+#Y3x_&05%xlӍQfr{^f$W"nrǖ3Hh1 0'O>8ÏAnl8cX00wqg4?xR Hv25BOLk&gf3x3z_Lr(pIi/0̈wx&b%b P|_A^~]x?aB}T.q s:##1Y Mc{Vkͅ*q8w iւ#4zN+DN焽HaCm5[WeԢر"贮HDZ98eoL"m,?hPxUE0z_$=Cf KaeƠ})e h kn`?hoȢsL ALH\>oz^Dl+ O* bNm% 1o)%*kt[1Oe[BI<ŗ-<>,D*9"[o %[1U)֜j/gзǁ/[MzK9((& ]a6rьJqIХy@񟄷zH, 7AQ^+yJ>? T|- 5{\6LDS hyx3ІϨncC>읚6^/_DLU88ٶ2COA=t ӏke[  O<C2DSL/Tvy*s*>ݠK6/1^7Q$L{3zQ`+L\-  `⎈M K-6q¥"UJNX,8. +4⿞4{=G]:HGx kyf#ŧW<2RP#jdVw@8̝-/~H۶I% `:=Vږ+zr1e~8ŞiG(q<,@:cqtp_X (K# LsEN8u vKѲ f7"aa^n1n,SLN&*܋ϑ{̾!V ^f#`ٱRɤ{i epCikZ 0DqU XâWqTR:!; /fk`4bOP1,3Qf7]M`N*)Asa#Dl [ApN7fWe3S<"Y4.ǎ;cyȏ|% .k*gA-J12Mo,gkV"K긘#9= `5>YKTMhc{pfi&#S3 {τ ixj X}`A_E@GgyUĔfٵLRKnrmmck 60MÄ2"5poq-yeיJȆg% 3^೐\,/A-r*r*]xD4[NbŠbix0tEA .Рw8&ŕ>;?wޘC{PF |ݫB>-tH|_-fZ 2?wE`D7f{/E5(ևD2Top:>w5Pb A=@;VM?4)?f'Uyӹ|l5=fŚfM-O?caCw?c5pq5]eV˒ÄA!Q9vP=XZ({з`٩y  KԷňg0fhZ1A1;4v’ٗ)M[6{0$s]_XGX ]ϭ~)5rQ±@X׊+ /V/UӍS2)~N|O|cSĵ2z(`Vw>KlUEQ;,9x%Wr34-P `"c}W*~w. 7cpa^V§&ATg #OOYgi+jN"n@K}$9ظ 0~ [xuWPOPY&㍦_x:Tw҃ncf!:f'.QEe7,T#QհGWLw`Y=t9Xe4huOb'c` Dwɦ}?,~bQEK6{2A/g?7O[. 1LG8WX&s LfO,o"˗-\8.@ׅ jHa+bCq4G4p-CӦ-661( N☁8bƟbV{dE/x!ofnA.En ,ۜ^fk7It?c*ӽ w>`QrO|YE&',9Q[} ƌ5:Bԥ;o|0We;>ne!jY'~Ok~odfc_$/qM,[YuE:JtAZ&ĝ/OA0z*%2 F=pn9yUIyU"#`c`|!W&,h&ѡrXNfQ[If2V;,e;MfG ~'Le*̾WveG /h>DlANysk|}pھJCA+zy֯(a' ѨTr4[ϺKÔ#\q)h!(nъ:fջj.'+-f 6x4sx(AUzK0RZI+'XSf=!ɁR1ol0+C|}̆mJBo?nD'!&WV)9Qg:fMf-#+L _<^V?