Over the weekend, reports began to filter in of a new network worm that focuses on a variety of vulnerabilities in products typically found on Linux-based Web servers. Many have tagged it as a Linux problem, and in a practical sense it is, although most of the vulnerabilities aren't strictly Linux issues. So far there's no evidence it's a serious real-world problem, although the Internet Storm Center has been reporting that it is seeing multiple variants of the worm circulating around the net.

Most anti-virus companies and researchers are focusing on what is probably the most significant vulnerability attacked by the worm, the XML-RPC for PHP Remote Code Injection vulnerability.

The others at issue are the AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability and the Darryl Burgdorf Webhints Remote Command Execution Vulnerability, both less common than PHP.

The authors are clearly still feeling their way around, and there's no reason to believe that this will be a real biggie. But if someone writes a well-designed 'grab bag' worm to exploit the various bugs in PHP and other products common on Linux servers, we could have a problem on our hands.

Administrators of these systems don't always feel the pressure to apply updates as frantically as Windows admins. Complicating the problem is the fact that Linux distributors like Red Hat can take months to issue their own versions of updates.

The link for this article located at eWeek is no longer available.