According to security investigator Jeff Jarmoc, cyber-criminals are exploiting a serious security flaw in Ruby on Rails, a web application framework, to take control of servers and add them to an offensive network of hijacked systems, Ars Technica reported on May 29, 2013.
The first alarm about the attack was published in early January this year (2013), soon after the Rails maintainers released a security patch for the flaw. Jarmoc says that the exploited hosts contained malware that connected them to an Internet Relay Chat (IRC) channel on one of at least two servers.
Jarmoc didn't disclose the number of affected hosts, but tweeted that the hijacked servers that had been documented were currently offline.
Jarmoc states that updating Rails is not especially difficult; however, as always, this update is likely to cause unwanted problems in software packages, which would make a lot of users hesitant.
HD Moore, creator of Metasploit, stated at the time that the security flaw was possibly the worst security problem to have affected Rails thus far, Threatpost reported.