If you remember a while back, there was quite a stir about some of the PHP applications out there using the XML-RPC functionality and the problems that were found with it. Well, according to this article over on The Register, there's a worm that's making the rounds exploiting this very issue.

Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems.

But unpatched systems are at risk from a Linux worm - called Lupper - which exploits the bug to load itself onto vulnerable systems. Anti-virus firms report few reports of the malware which is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than its risk factor, which is low.

You can also get the full release information from SAN's Internet Storm Center here...