Ruby on Rails Flaw Abused, Botnet of Hijacked Systems Built
According to security researcher Jeff Jarmoc, cyber-criminals are exploiting a highly dangerous security flaw in Ruby on Rails, an open-source web application framework, to take control of servers and add them to a botnet of hijacked systems, arstechnica.com reported on May 29, 2013.
The first alert about the attack was issued in early January this year (2013), soon after the Rails maintainers released a security fix for the flaw. By exploiting the flaw, attackers could remotely run malware on the underlying servers. That the exploitation succeeded and allowed vulnerable machines to be added to a network of bots shows that many people administering servers have still not installed the crucial patch, even though it was released more than 4 months ago.
Jarmoc states that the exploited servers were infected with malware that made them join an Internet Relay Chat (IRC) channel on one of at least two servers.
Jarmoc did not reveal the number of infected servers, but tweeted that the hijacked servers that had been documented were currently offline.
He added that no validation was performed, so a creative person could take over the bot-infected machines quite easily by connecting to the IRC server and issuing the appropriate commands, Scmagazine.com.au reported on May 29, 2013.
Jarmoc says there is little indication of how the attacker may be putting the hijacked bots to use. They could apparently be used as a Distributed Denial-of-Service (DDoS) botnet, but there is no solid evidence pointing to a specific objective other than compromising vulnerable computers, Threatpost reported on May 28, 2013.
The researcher writes that he discovered 3 C&C servers, each of which is currently inactive. The domains previously hosted malware, especially Trojans that attacked hijacked systems.
According to Jarmoc, updating Rails isn't particularly difficult; however, as always, the update may have undesirable effects on software products, which alone can make some users hesitant.
HD Moore, creator of Metasploit, stated at the time that the security flaw was possibly the worst security problem to have affected Rails, Threatpost reported.
» SPAMfighter News - 06-06-2013