Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

The targeted vulnerability was patched in January, but many servers haven't been updated yet

Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.

The Ruby on Rails development team released a security patch for the vulnerability, which is known as CVE-2013-0156, back in January. However, some server administrators haven't yet updated their Rails installations.

Ruby on Rails is a popular framework for developing Web applications based on the Ruby programming language and is used by websites including Hulu, GroupOn, GitHub and Scribd.

"It's pretty surprising that it's taken this long [for an exploit] to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," said Jeff Jarmoc, a security consultant with security research firm Matasano Security, Tuesday in a blog post.

The exploit that's currently being used by attackers adds a custom cron job -- a scheduled task on Linux machines -- that executes a sequence of commands.

Those commands download a malicious C source file from a remote server, compile it locally and execute it. The resulting malware is a bot that connects to an IRC (Internet Relay Chat) server and joins a predefined channel where it waits for commands from the attackers.

A precompiled version of the malware is also downloaded in case the compilation procedure fails on the compromised systems.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc said. "There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands."

Reports of malicious activity using this exploit were posted in recent days on several discussion boards and it also appears that some Web hosting providers were affected, Jarmoc said.

Users should update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15 which contain the patch for this vulnerability. However, the best course of action is probably to update to the latest available Rails versions, depending on the branch used, since other critical vulnerabilities have been addressed since then.

Attackers are increasingly compromising Web servers to use them as part of botnets. For example, many Apache servers have recently been infected with a piece of malware called Linux/Cdorked and versions of this malware were also developed for Lighttpd and Nginx Web servers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags softwareintrusionWeb serversExploits / vulnerabilitiesMatasano Security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Essentials

Mobile

Exec

Budget

TerraCycle Zero Waste Box Pens and Markers Small

Learn more >

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?