Ruby on Rails flaw being used to recruit servers to botnets

Summary: Malware peddlers are trying their luck with Ruby on Rails servers that admins haven't patched.


Criminals are using an old weakness in the Ruby on Rails web application framework to recruit vulnerable servers into a botnet.

Developers running Ruby on Rails should install an update that was released in late January for a serious remote execution flaw that attackers began exploiting in the past week.

Security expert Jeff Jarmoc, who discovered the exploit, notes it has caused server troubles for some running vulnerable versions of Ruby on Rails.

The exploit causes the server to download and execute a series of files from domains known to host malware before setting up an internet relay chat (IRC) protocol bot connected to the domain cvv4you.ru that joins the channel #rails. 

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15 are vulnerable, according to Cisco.
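To check an application against those version floors, the following added example (not from the article or from Cisco) reads the resolved Rails version out of a Gemfile.lock and compares it with the first patched release on its branch. The function names and the sample lockfile are constructed for illustration, and treating branches newer than 3.2 as unaffected is an assumption.

```ruby
require "rubygems"

# First patched release on each branch, as listed in the article.
PATCHED = %w[2.3.15 3.0.19 3.1.10 3.2.11].map { |v| Gem::Version.new(v) }.freeze

# Constructed sample lockfile (not taken from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.10)
        actionmailer (= 3.2.10)

  DEPENDENCIES
    rails (= 3.2.10)
LOCK

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Deeper lines are dependency constraints and DEPENDENCIES lines use two
# spaces, so neither is mistaken for the installed version.
def rails_version_from_lock(lock_text)
  m = lock_text.match(/^ {4}rails \(([^)\s]+)\)$/)
  m && Gem::Version.new(m[1])
end

# True when the version predates the fix on its own major.minor branch.
def vulnerable?(version)
  v = version.is_a?(Gem::Version) ? version : Gem::Version.new(version)
  branch = v.segments.first(2)
  fix = PATCHED.find { |p| p.segments.first(2) == branch }
  return v < fix if fix
  # Branch not in the list: anything older than 2.3.15 is still "prior to"
  # a patched release; newer branches are assumed to ship the fix.
  v < PATCHED.min
end

# Returns :vulnerable, :patched or :rails_not_found for a lockfile's text.
def audit(lock_text)
  v = rails_version_from_lock(lock_text)
  return :rails_not_found unless v
  vulnerable?(v) ? :vulnerable : :patched
end

puts "sample lockfile: #{audit(SAMPLE_LOCK)}" if $PROGRAM_NAME == __FILE__
```

Call `audit(File.read("Gemfile.lock"))` from the application root to check a real deployment.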

The attack on Ruby on Rails servers follows similar web server attacks, including a recently discovered backdoor for Apache web servers that followed earlier malicious modules of Apache.

Security researcher and Metasploit framework founder HD Moore called the Ruby on Rails bug by far the worst security problem to surface in this framework to date when it was disclosed in January.

However, due to its widespread use in websites and web-enabled products, he expected the vulnerability to persist on servers for years to come.

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

Talkback

2 comments
  • Smug Linux admins learning the hard way

    Welcome to the reality. Your server will get compromised if you do not update.

    Linux is miles behind Windows Server when it comes to protecting against vulnerabilities in the OS and (especially) in 3rd party apps.
    honeymonster
    • What's that sound?

      Oh. Crickets.
      toddbottom3