mailing list archives
Re: new linux malware
From: "GroundZero Security" <fd () g-0 org>
Date: Sun, 19 Feb 2006 06:24:23 +0100
you said you are not quiet sure what this is and posted
those strings which clearly are from an old irc bot with
----- Original Message -----
From: "Gadi Evron" <ge () linuxbox org>
To: "GroundZero Security" <fd () g-0 org>
Cc: <full-disclosure () lists grok org uk>
Sent: Sunday, February 19, 2006 5:46 AM
Subject: Re: [Full-disclosure] new linux malware
GroundZero Security wrote:
oh my god this is a stone old DoS irc bot.
you can find the source on packetstorm :P
its by no means "new" maybe it has been modified
by some kid that changed the printf()'s, but this is
no news at all.
Wrong. The first part is the regular PHP worms we see for a while now.
Take a second look if you do have the sample.
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/