A new bot is spreading in the wild, with attackers looking to compromise vulnerable installations of the popular Mambo open-source content management system.

A recent analysis by SecurityFocus confirms that a vulnerability first published on November 16th has resulted in numerous websites being defaced. Now, a bot has been released that compromises the web server and provides additional functionality for an attacker. Reports claim that the bot allows for arbitary code execution, DoS attacks (via TCP, UDP and HTTP floods), port scanning capabilities, and the ability to discover other vulnerable hosts through Google searches.

Web-based worms are on the rise and any Internet-facing operating system platform running the open-source software can be targeted, including Windows, Unix and Linux. However, Linux remains the predominant server OS of choice for web hosting, and therefore attacks that evolve into bots or worms highlight vulnerable Linux systems much more than others. Mambo administrators are urged to download the latest security patch immediately. (SecurityFocus, 2005-12-06)