Ruby on Rails flaw being used to recruit servers to botnets

Malware peddlers are trying their luck with Ruby on Rails servers that admins haven't patched.

Criminals are using an old weakness in the Ruby on Rails web application framework to recruit vulnerable servers into a botnet.


Developers running Ruby on Rails should install an update that was released in late January for a serious remote execution flaw that attackers began exploiting in the past week.

Security expert Jeff Jarmoc, who discovered the exploit, notes it has caused server troubles for some running vulnerable versions of Ruby on Rails.

The exploit causes the server to download and execute a series of files from domains known to host malware, then sets up an internet relay chat (IRC) bot that connects to one of those domains and joins the channel #rails.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

Versions of Ruby on Rails prior to 3.2.11, 3.1.10, 3.0.19 and 2.3.15 are vulnerable, according to Cisco.
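A quick way to audit an installed Rails version against the fixed releases named above, as an added example that is not part of the original article. The Gemfile.lock fragment is constructed, and treating branches older than 2.3 as vulnerable is an assumption, since the article lists no fix for them.

```ruby
# Added example (not from the article): classifies a Rails version against the
# first fixed releases the article lists (3.2.11, 3.1.10, 3.0.19, 2.3.15).
require "rubygems" # provides Gem::Version for proper version comparison

# First fixed release on each branch named in the article.
FIXED_RAILS = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15"),
}.freeze

# Returns :vulnerable, :patched or :unknown for a version string such as "3.2.9".
def rails_status(version_string)
  version = Gem::Version.new(version_string)
  branch  = version.segments.first(2).join(".")

  if (fixed = FIXED_RAILS[branch])
    version < fixed ? :vulnerable : :patched
  elsif version < FIXED_RAILS["2.3"]
    # Assumption: branches older than 2.3 got no fix here, so treat as vulnerable.
    :vulnerable
  else
    # Newer branches are outside the releases the article covers.
    :unknown
  end
end

# Reads the pinned rails gem out of a Gemfile.lock and classifies it.
def rails_status_from_lockfile(lockfile_text)
  m = lockfile_text.match(/^\s+rails \(([\d.]+)\)/)
  return :unknown unless m
  rails_status(m[1])
end

# Constructed sample Gemfile.lock fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.9)
      rake (10.0.3)
LOCK

if $PROGRAM_NAME == __FILE__
  puts "3.2.9    -> #{rails_status('3.2.9')}"
  puts "lockfile -> #{rails_status_from_lockfile(SAMPLE_LOCK)}"
end
```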

The attack on Ruby on Rails servers follows similar web server attacks, including a recently discovered backdoor for Apache web servers that followed earlier malicious modules of Apache.

When the bug was disclosed in January, security researcher and Metasploit framework founder HD Moore called it by far the worst security problem to surface in the framework to date.

However, because of its widespread use in websites and web-enabled products, he expected the vulnerability to persist on servers for years to come.