Full Disclosure: update on the linux worm

From: Gadi Evron <ge_at_linuxbox.org>
Date: Sun, 19 Feb 2006 07:36:03 +0200

A quick digest of some updates from the last few hours on this issue:

1. The worm is based on 'kaiten', which has been going around in
different variants for a long time now.

2. This worm is new.

3. The first part exploits PHP applications, like these variants
normally do.

4. The second part spreads to other systems.

5. The worm connects to a botnet C&C based on two Fast-flux DNS RRs
which are not there anymore, and as they change, are taken down.

As always, more updates if necessary on: http://blog.securiteam.com

Thanks,

        Gadi.

-- 
http://blogs.securiteam.com/
"Out of the box is where I live".
	-- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Feb 18 2006