Full Disclosure: Re: new linux malware

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: new linux malware

From: "GroundZero Security" <fd () g-0 org>
Date: Sun, 19 Feb 2006 06:24:23 +0100

you said you are not quiet sure what this is and posted
those strings which clearly are from an old irc bot with
DoS functionality

----- Original Message ----- 
From: "Gadi Evron" <ge () linuxbox org>
To: "GroundZero Security" <fd () g-0 org>
Cc: <full-disclosure () lists grok org uk>
Sent: Sunday, February 19, 2006 5:46 AM
Subject: Re: [Full-disclosure] new linux malware

GroundZero Security wrote:

oh my god this is a stone old DoS irc bot.
you can find the source on packetstorm :P
its by no means "new" maybe it has been modified 
by some kid that changed the printf()'s, but this is
no news at all.


Wrong. The first part is the regular PHP worms we see for a while now. 
Take a second look if you do have the sample.

Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

new linux malware Gadi Evron (Feb 18)
- Re: new linux malware GroundZero Security (Feb 18)
  - Re: new linux malware Gadi Evron (Feb 18)
    - Re: new linux malware GroundZero Security (Feb 18)
    - Re: new linux malware Gadi Evron (Feb 18)
- Re: new linux malware Marco Monicelli (Feb 20)
  - Re: new linux malware Gadi Evron (Feb 20)