Ruby on Rails exploit builds IRC bot

Bot open for hijack.

An exploit has surfaced in the wild that is building a botnet controlled over Internet Relay Chat (IRC), using a five-month-old vulnerability in Ruby on Rails.

Two patches were issued that closed off "extremely critical" parameter parsing flaws present in all versions of Ruby on Rails, which could allow attackers to bypass authentication and execute arbitrary code in Rails apps.

"It's pretty surprising that it's taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," security consultant Jeff Jarmoc said in a blog. "It also appears to be affecting some web hosts."

The exploits are being launched for IP addresses that trace to Germany, Russia and Ukraine.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

The "pretty straightforward skiddy exploit" built an IRC bot that connected to a known malicious host and joined the #rails channel without the use of a channel key.

It executed only once on an infected host.

"There’s no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands."

- With Darren Pauli

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition