Lupper-ed!

DQI Bureau
In Chapter 4 of Sun Tzu's great work, The Art of War, the Chinese master says that "invincibility lies in the defense; the possibility of victory in the attack". Software platforms throughout the world often set forth only half of this equation, to their detriment. Of course, Linux has been the exception on every security parameter imaginable, said its strongest backers.

But at last a worm has surfaced that is specially designed to hit the invincible penguin where it hurts. And the first major anti-Linux strike by the worm, which McAfee named 'Lupper', Computer Associates 'Lupper.A' and Symantec 'Plupii', clearly drives home the point that the democrat (open source) is as vulnerable as the oligarch (proprietary software).

Of course, Lupper is not the first anti-Linux program and certainly won't be the last. The ADM worm was the first virus aimed specifically at Linux users and appeared briefly in 1998. Symantec has reported three Linux viruses in the wild since the start of 2004.

As for Lupper, when security advisory firm Secunia first sounded a warning in February, corporate eyebrows were not raised high enough, though many website content management and blogging systems which run on Linux were reasonably worried. This was because, as Secunia explained, content management systems based on the PHP scripting language were vulnerable to a flaw in PHP's handling of XML commands. Researcher James Bercegay of GulfTech Security Research had said that the flaw could be exploited remotely using a specially crafted XML document.

Turning off the XML-RPC function, a simple protocol used to make remote procedure requests to Internet-based servers, was suggested as a quick solution. But the vulnerability continued to be present in popular applications such as PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, which Lupper targeted on November 8.

Data passing through Web servers is still not meticulously screened against possible attack scenarios. Port 80 continues to be a key gateway to everything from Hell. That Linux is no less vulnerable to port 80 intrusions is a revelation. The Internet Storm Center says that Lupper attempted to download a remote-access trojan from one system and use the trojan to try to connect to another site via port 80.

According to a McAfee report, "the worm blindly attacks Web servers by sending malicious http requests on port 80."

In any discussion of security measures against Lupper, the classic case of the fence eating the crop surfaces again. Security protocols in today's data centers do not afford the luxury of giving every user the right to update his system, and this often prevents timely updates to potential target systems. While Linux supporters point out that the OS has very strong update capabilities and download managers that apply updates without expert intervention, the fact is that many Linux users still fail to make full use of them.

But hey, just over 35,000 bytes of info has been affected at the time of writing, so why worry? And, Linux's lack of a Windows-style data center penetration is right now a blessing in disguise. However, the idea that Linux is inherently more secure than Microsoft, while partly true in some contexts, also lends itself to the low-density factor of Linux. Microsoft is targeted more heavily, simply because of its high usage.

So, complacency has been where the real danger lay ensconced. Even the security firms had waited long enough for a worm to hit Linux hard before coming up with counter-measures. Leading security firm Network Associates (NA) only last year released its first Linux server anti-virus software, citing the need to "stop the transmission through Linux servers of malicious code aimed at Windows," according to an NA release.

Many security firms that had developed or focused fully on Unix anti-virus products are now moving to Linux to deal with potential threats to businesses running both Windows and open source software. The other market will be for securing Linux systems running on Unix servers. Granted, hackers are focusing more on Microsoft, but comparisons are irrelevant where security strategies go. Post-Lupper, the consumer will be demanding a stronger Linux.

Ravi Menon
