Ruby on Rails represents a widespread framework which allows developing web apps on the Ruby language. The Ruby on Rails app’s vulnerability is actively used by hackers with the view of compromising web servers and creation of a botnet.
Although avoiding the existing problem of vulnerability the developers of the Ruby on Rails have already launched a security patch in January. The problem is that some Rails installations have not yet been updated by server admins.
Security consultants are surprised that it has already been happening for so long to exploit the vulnerability, but what is more surprising is that users still run the vulnerable installation of Ruby on Rails.
This vulnerability is exploited for remote execution of the code on the Linux machines. This code loads malicious C source code from a remote server and then compiles it locally and executes.
If the procedure fails to compile, the system loads already compiled version of malware. The bot connects to the IRC (Internet Relay Chat) server and joins a specific channel through which it receives commands from the attackers. The malware’s precompiled version is also loaded in the event of the compromised systems fail.
According to security experts’ reports despite the limited capacity of vulnerability, it is dangerous and allows you to turn the Linux machines into bot. There is already evidence that systems of some web hosting are affected.
The hackers more and more often compromise web servers to be a part of botnets. For instance not so long ago Apache servers were infected with Linux/Cdorked malware.
The only way for users to avoid the risk to be hacked is to install at least versions 2.3.15, 3.0.19, 3.1.10 or 3.2.11 containing the CVE-2013-0156 patch. However the safest decision is updating to the latest Rails versions available.