F-Secure said the Mare.D worm installs a number of backdoors on the infected system (and will harm it if the system runs the Mambo open source CMS or the XML-RPC PHP library).
Two of these backdoors are of the 'connectback shell backdoor' type, named "cb" and "ping.txt". These two backdoors connect to the remote computer via port 8080. The third backdoor is written in Perl and controlled via IRC (Internet Relay Chat). The worm's main component listens for commands on UDP (User Datagram Protocol) port 27015.
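The indicators named above (the backdoor names "cb" and "ping.txt", outbound connections to port 8080, and a listener on UDP port 27015) can be checked against a host's socket table. The following is an added example, not code from F-Secure or from the original article; it assumes input in the column layout of `ss -tunap`, and the sample lines, addresses, PIDs and the process name "sample" are constructed.

```python
import re

# Indicators taken from the article text.
BACKDOOR_NAMES = {"cb", "ping.txt"}   # connect-back shell backdoors
CONNECTBACK_PORT = 8080               # TCP port the backdoors connect out to
COMMAND_UDP_PORT = 27015              # UDP port the main component listens on

# Constructed sample in the column layout of `ss -tunap` (not real capture data).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:27015      0.0.0.0:*         users:(("sample",pid=4120,fd=3))
tcp   ESTAB  0      0      192.0.2.10:41822   198.51.100.7:8080 users:(("cb",pid=4101,fd=3))
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("httpd",pid=900,fd=4))
tcp   ESTAB  0      0      192.0.2.10:80      203.0.113.5:51544 users:(("httpd",pid=901,fd=9))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def port_of(endpoint):
    """Return the numeric port of an addr:port field, or None for '*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_indicators(ss_output):
    """Return (reason, process, pid) tuples for sockets matching the indicators."""
    hits = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, state, local, peer = fields[0], fields[1], fields[4], fields[5]
        m = PROC_RE.search(line)
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", None)
        if proto == "udp" and port_of(local) == COMMAND_UDP_PORT:
            hits.append(("udp-listener-27015", name, pid))
        if proto == "tcp" and state == "ESTAB" and port_of(peer) == CONNECTBACK_PORT:
            hits.append(("outbound-tcp-8080", name, pid))
        if name in BACKDOOR_NAMES:
            hits.append(("backdoor-process-name", name, pid))
    return hits

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```

Port 8080 is also used by legitimate proxies and application servers, so an outbound-tcp-8080 hit on its own is a lead to investigate rather than proof of infection.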
Secunia said this vulnerability affects PHP XML-RPC version 1.1 and earlier. The company advises users to upgrade the PHP XML-RPC library to version 1.1.1.
On its website, Mambo said it had released fixes for versions 4.5.3 and 4.5.3h. Users can download these fixes from http://www.mamboserver.com/. Mambo also recommends that users upgrade their software if they have versions earlier than 4.5.3.
A consultant from Sophos said the company has not yet seen any customers complaining about the Mare.D worm.