Ruby on Rails flaw being used to recruit servers to botnets

Summary: Malware peddlers are trying their luck with Ruby on Rails servers that admins haven't patched.

Criminals are using an old weakness in the Ruby on Rails web application framework to recruit vulnerable servers into a botnet.

Developers running Ruby on Rails should install an update that was released in late January for a serious remote execution flaw that attackers began exploiting in the past week.

Security expert Jeff Jarmoc, who discovered the exploit, notes it has caused server troubles for some running vulnerable versions of Ruby on Rails.

The exploit causes the server to download and execute a series of files from domains known to host malware before setting up an internet relay chat (IRC) protocol bot connected to the domain cvv4you.ru that joins the channel #rails. 

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

Versions of Ruby on Rails prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15 are vulnerable, according to Cisco.
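A version check built from the fixed releases listed above, as an added example that is not from the article, Cisco, or the Rails project. The sample Gemfile.lock text is constructed, and treating release lines older than 2.3 as vulnerable is an assumption drawn from the "prior to" wording.

```ruby
require "rubygems" # Gem::Version handles multi-part version comparison

# First fixed release on each release line, as listed in the article.
FIXED = %w[3.2.11 3.1.10 3.0.19 2.3.15].map { |v| Gem::Version.new(v) }

# Constructed sample of a Gemfile.lock (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.8)
        activemodel (= 3.2.8)
      rails (3.2.8)
        actionpack (= 3.2.8)
LOCK

# Resolved gems sit at exactly four spaces of indent; dependency
# constraints such as "rails (= 3.2.8)" are indented deeper and skipped.
def locked_rails_version(lock_text)
  m = lock_text.match(/^ {4}rails \((\d[0-9A-Za-z.]*)\)$/)
  m && Gem::Version.new(m[1])
end

# Compare against the fix on the same major.minor line, so that
# 3.0.20 is not judged against the 3.2 threshold.
def rails_status(version)
  return :unknown if version.nil?
  line = version.segments.first(2)
  fix = FIXED.find { |f| f.segments.first(2) == line }
  if fix
    version < fix ? :vulnerable : :patched
  elsif version < FIXED.min
    :vulnerable # assumption: older line with no fixed release listed
  else
    :not_listed # newer line the article does not mention
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  version = locked_rails_version(text)
  puts "rails #{version || 'not found'}: #{rails_status(version)}"
end
```

Pass the path to a real Gemfile.lock as the first argument to check a deployed application instead of the embedded sample.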

The attack on Ruby on Rails servers follows similar web server attacks, including a recently discovered backdoor for Apache web servers that followed earlier malicious modules of Apache.

When the Ruby on Rails bug was disclosed in January, security researcher and Metasploit framework founder HD Moore called it by far the worst security problem to surface in this framework to date.

However, due to its widespread use in websites and web-enabled products, he expected the vulnerability to persist on servers for years to come.

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...