A worm targeting Linux by exploiting Web server holes has been spotted, although doesn't pose a significant threat.
Linux.Plupiin spreads by exploiting holes in PHP/CGI, according to McAfee. It is a derivative of the Linux/Slapper and BSD/Scalper worms and attacks by sending malicious HTTP requests on port 80.
If the server is configured to permit external shell commands and remote file download, the worm could be downloaded and executed. It can also harvest e-mail addresses stored in Web server files.
The worm opens a back door on a compromised computer and then generates URLs to scan for other computers to infect and that can affect network performance.
Symantec rates the worm as a medium threat as it is easy both to contain and remove. McAfee assessed it as a low threat for both corporate and home users.
Linux users should update antivirus software and patches to protect against the worm.