Attackers are exploiting an extremely critical vulnerability in the Ruby on Rails framework to commandeer servers and make them part of a malicious network of hacked machines, a security researcher said.
Ars first warned of the threat in early January, shortly after Rails maintainers issued a patch for the vulnerability. Ars warned at the time that the vulnerability gave attackers the ability to remotely execute malicious code on underlying servers. Criminals' success in exploiting the bug to make vulnerable machines join a botnet suggests that many server administrators still haven't installed the critical update more than four months after it was issued.
Servers that have been exploited are infected with software that causes them to join an Internet Relay Chat (IRC) channel on one of at least two servers, security researcher Jeff Jarmoc said in a post published Tuesday to his personal website. From there, attackers can force the compromised servers to download and execute malicious code and to join new IRC channels. The channels required no authentication to be accessed, making it possible for competing attackers to infiltrate the chat room and take control of the compromised servers. IRC-based botnets hark back to the earlier days of computer crime because they made it easy for "script kiddies," or relatively unskilled hackers, to control huge numbers of infected machines in lockstep, using a handful of pre-programmed commands.
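One practical way to spot the behaviour described above on a Rails host is to watch for outbound IRC traffic from the application process: a web server's Ruby workers have no business opening connections to IRC ports, or speaking the IRC protocol on any port. The check below is an added example, not code from the article or from Jarmoc's post; the flow-log line format, the host and process names, the allowed egress ports and the sample log lines are all constructed for illustration.

```ruby
# Added example: flag outbound IRC command-and-control traffic from a Rails
# host. The log format, hosts, addresses and sample lines are constructed for
# this example; they do not come from the article or from Jarmoc's post.

IRC_PORTS = [6667, 6697, 7000, *(6660..6669)].uniq.freeze
# Commands an IRC client sends when it first connects or when it is driven.
IRC_COMMAND = /\A(NICK|USER|JOIN|PRIVMSG|PONG)\s/i
# Ports a Rails application tier is normally allowed to reach (assumption:
# HTTP, HTTPS and a PostgreSQL database).
ALLOWED_EGRESS_PORTS = [80, 443, 5432].freeze

Connection = Struct.new(:ts, :host, :pid, :comm, :src, :dst_ip, :dst_port, :first_bytes)

# Hypothetical flow-log format, one connection per line:
#   <ts> <host> pid=<n> comm=<name> <src_ip>:<port> -> <dst_ip>:<port> bytes="<escaped first payload bytes>"
LINE_RE = %r{
  \A(?<ts>\S+)\s+(?<host>\S+)\s+pid=(?<pid>\d+)\s+comm=(?<comm>\S+)\s+
  (?<src>\S+)\s+->\s+(?<dst_ip>[\d.]+):(?<dst_port>\d+)\s+
  bytes="(?<bytes>.*)"\z
}x

def parse_connection(line)
  m = LINE_RE.match(line.strip) or return nil
  # The log escapes newlines in the payload sample as the two characters "\n".
  Connection.new(m[:ts], m[:host], m[:pid].to_i, m[:comm], m[:src],
                 m[:dst_ip], m[:dst_port].to_i, m[:bytes].gsub('\n', "\n"))
end

# True when any line of the captured payload starts with an IRC client command,
# so IRC on a non-standard port is still caught.
def irc_handshake?(bytes)
  bytes.lines.any? { |l| l =~ IRC_COMMAND }
end

# Returns an array of [reasons, connection] pairs for connections worth a look.
def suspicious_connections(lines)
  lines.map { |l| parse_connection(l) }.compact.map do |c|
    reasons = []
    reasons << "irc_port" if IRC_PORTS.include?(c.dst_port)
    reasons << "irc_protocol" if irc_handshake?(c.first_bytes)
    if c.comm.start_with?("ruby") && !ALLOWED_EGRESS_PORTS.include?(c.dst_port)
      reasons << "ruby_unexpected_egress"
    end
    reasons.empty? ? nil : [reasons, c]
  end.compact
end

# Constructed sample log: a bot joining IRC on the usual port, a normal
# database connection, IRC hidden on port 8080, and an ordinary TLS call-out.
SAMPLE_LOG = <<~'LOG'
  2013-05-28T10:02:11Z app01 pid=4120 comm=ruby 10.0.0.5:51423 -> 203.0.113.9:6667 bytes="NICK rails-bot-1\nUSER x x x :x\n"
  2013-05-28T10:02:12Z app01 pid=4120 comm=ruby 10.0.0.5:51424 -> 10.0.0.20:5432 bytes=""
  2013-05-28T10:02:15Z app01 pid=4120 comm=ruby 10.0.0.5:51425 -> 198.51.100.7:8080 bytes="NICK a\nJOIN #chan\n"
  2013-05-28T10:02:16Z app01 pid=4120 comm=ruby 10.0.0.5:51426 -> 10.0.0.30:443 bytes="\x16\x03\x01"
LOG

if __FILE__ == $0
  suspicious_connections(SAMPLE_LOG.lines).each do |reasons, c|
    puts "#{c.ts} #{c.host} pid=#{c.pid} #{c.comm} -> #{c.dst_ip}:#{c.dst_port} [#{reasons.join(',')}]"
  end
end
```

Run against a real host, the interesting signal is usually the combination: a Ruby process reaching a destination outside its allow-list is worth an alert on its own, and a payload that begins with NICK or USER turns that alert into a confirmed IRC bot regardless of the port the attacker chose.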