Thursday, November 28, 2013: A new worm has been discovered that reportedly targets x86 computers running PHP and Linux. According to reports, variants of the worm may also be capable of attacking home routers, set-top boxes and other such devices running on different chip architectures. The worm has reportedly been named Linux.Darlloz. According to Symantec researchers, the worm uses proof-of-concept code that was released in October.
Further, security researchers at Symantec have reportedly said that the new worm exploits a vulnerability in php-cgi. According to reports, this vulnerability was patched in PHP 5.4.3 and in PHP 5.3.13 in May last year. It is tracked as CVE-2012-1823.
According to a blog post by the researchers, “Upon execution, the worm generates IP [Internet Protocol] addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target.”
Currently, the worm seems to be targeting Intel x86 systems only, but the Symantec experts say that the attackers also have variants for MIPS, PPC, MIPSEL and ARM.
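For defenders, requests that abuse CVE-2012-1823 have a recognisable shape in web server logs: the query string contains no unencoded `=` and, once URL-decoded, begins with `-`, so php-cgi reads it as command-line switches. The following detection sketch is an added example, not code from Symantec or the PHP project; the combined log format, the paths, the IP addresses and the `example_directive` placeholder are all constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def is_argument_injection(target: str) -> bool:
    """True if the query string would be read as php-cgi command-line switches.

    Condition: no raw '=' in the query string, and the URL-decoded query,
    after leading whitespace, starts with '-'.
    """
    _, sep, query = target.partition("?")
    if not sep or "=" in query:
        return False
    decoded = unquote(query.replace("+", " "))
    return decoded.lstrip().startswith("-")

def scan(lines):
    """Return (client_ip, method, target) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_argument_injection(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("method"), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder directive name).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Nov/2013:10:01:02 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Nov/2013:10:01:05 +0000] "POST /cgi-bin/php?-d+example_directive%3Don HTTP/1.1" 200 312',
    '203.0.113.9 - - [28/Nov/2013:10:01:06 +0000] "POST /cgi-bin/php5?%2Dd+example_directive%3Don HTTP/1.1" 404 208',
    '198.51.100.7 - - [28/Nov/2013:10:02:11 +0000] "GET /search.php?q=-verbose HTTP/1.1" 200 2048',
    '192.0.2.44 - - [28/Nov/2013:10:03:00 +0000] "POST /login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, method, target in scan(SAMPLE_LOG):
        print(f"suspicious php-cgi request from {ip}: {method} {target}")
```

A hit that returned a 200 status on a host still running a PHP release older than the patched versions named above deserves immediate follow-up; a 404 indicates scanning only.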