IRC Botnet Built Using Ruby On Rails Exploit

A five month old vulnerability (CVE-2013-0156) has an active exploit turning systems into IRC bots.  A patch was made available on 8 JAN 2013 and if you have not upgraded to versions 3.2.11, 3.1.10, 3.0.19.or 2.3.15 do so now.

The exploit sets up an IRC server that connects to 188<>190<>124<>81 and joins the channel #rails.  It does have the capability to download and execute files if commanded.  According to the security researcher Jeff Jarmoc the compromised systems could be easily hijacked by anyone that enters the #rails channel.  Jarmoc has more details and some of the exploit code on his site at

What makes this interesting is that this appears to be the first major exploit for Ruby on Rails.

Post by Protocol 46