Tuesday, June 27, 2017
Home / Security / Exploits / Ruby-on-rails Zero-Day Exploited, Targets Join Botnet

Ruby-on-rails Zero-Day Exploited, Targets Join Botnet

According to Jeff Jarmoc, Security investigator, cyber-criminals are utilizing a serious security flaw affecting ‘Ruby on Rails’ an online application module for controlling servers so as to include them within an offensive network of hijacked systems, reported Arstechnica dated May 29, 2013.

Early January this year (2013) when the first alarm about the attack was published soon following Rails maintainers releasing one security patch for the exploit.  Jarmoc says that the exploited hosts contained malware, which connected them to a Internet Relay Chat channel (IRC) chain on 1 amongst a minimum of 2 servers.

Jarmoc didn’t disclose the number of affected hosts, while tweeting that the server-hijacked computers, being documented, were currently offline.

Jarmoc states that updating Rails Is not especially difficult, however, like always this update too probably makes unwanted troubles on software packages, something which would make a lot of users hesitant.

HD Moore, creator of Metasploit stated ‘then’ that security flaw was possibly worst security problem that impacted Rails, thus far, reported Threatpost.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …