Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: update on the linux worm
From: Micheal Turner <wh1t3h4t3 () yahoo co uk>
Date: Sun, 19 Feb 2006 15:27:47 +0000 (GMT)

Could you clarify what vulnerabilities are being
exploited in the PHP applications ? 

--- Gadi Evron <ge () linuxbox org> wrote:

A quick digest of some updates from the last few
hours on this issue:

1. The worm is based on 'kaiten', which has been
going around in 
different variants for a long time now.

2. This worm is new.

3. The first part exploits PHP applications, like
these variants 
normally do.

4. The second part spreads to other systems.

5. The worm connects to a botnet C&C based on two
Fast-flux DNS RR's 
which are not there anymore, and as they change, are
taken down.

As always, more updates if necessary on:
http://blog.securiteam.com

Thanks,

      Gadi.

-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
      -- Cara "Starbuck" Thrace, Battlestar Galactica.
_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/




                
___________________________________________________________ 
Yahoo! Photos – NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault