Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: new linux malware
From: "GroundZero Security" <fd () g-0 org>
Date: Sun, 19 Feb 2006 06:24:23 +0100

you said you are not quiet sure what this is and posted
those strings which clearly are from an old irc bot with
DoS functionality

----- Original Message ----- 
From: "Gadi Evron" <ge () linuxbox org>
To: "GroundZero Security" <fd () g-0 org>
Cc: <full-disclosure () lists grok org uk>
Sent: Sunday, February 19, 2006 5:46 AM
Subject: Re: [Full-disclosure] new linux malware


GroundZero Security wrote:
oh my god this is a stone old DoS irc bot.
you can find the source on packetstorm :P
its by no means "new" maybe it has been modified 
by some kid that changed the printf()'s, but this is
no news at all.


Wrong. The first part is the regular PHP worms we see for a while now. 
Take a second look if you do have the sample.

Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault