For many of us who run Linux, one of the attractions to doing so is being relatively free of security threats and malware. Every once in a while, though, a notable threat does target Linux, and Symantec researchers have ssued an advisory warning of a new worm that targets not only Linux-based computers but many kinds of devices that include Linux, including some routers and set-top boxes. The worm, Linux.Darlloz, exploits a PHP vulnerability to propagate itself.
According to security researcher Kaoru Hayashi:
“The worm utilizes the PHP ‘php-cgi’ Information Disclosure Vulnerability (CVE-2012-1823), which is an old vulnerability that was patched in May 2012. The attacker recently created the worm based on the Proof of Concept (PoC) code released in late Oct 2013.”