Security Incidents: what else you can do with worm networks...fun, profit, etc

From: Anton A. Chuvakin <anton_at_chuvakin.org>
Date: Mon, 9 Dec 2002 13:27:24 -0500 (EST)

Hi all,

Just saw something rather amusing brought by the worm tide :-) A little
nasty daemon (named "httpd") was deployed by whoever hit our Apache/SSL
honeypot. Another mod of the good ole slapper, but! here are some funny
strings from the binary:

...
find /|grep -i "order"
search.log
rm -rf search.log
...
and some hard coded addresses on where to send the stuff...

The telltale sign in the /tmp: ".fontunix" (with no dash unlike the real
thing).

Get paid from collecting order data from lame web servers - heh, an idea?

Best,

-- 
  Anton A. Chuvakin, Ph.D., GCIA
     http://www.chuvakin.org
   http://www.info-secure.org
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Dec 10 2002
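
An added example, not part of the original post: a shell check for the telltale sign described above, an entry in /tmp that imitates ".font-unix" but drops the dash. It goes beyond the post by also comparing against the other standard X socket directory names (".X11-unix", ".ICE-unix"); that list and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag directory entries that imitate the standard X socket
# directories (the real ones keep their dash and exact case).
LEGIT=".font-unix .X11-unix .ICE-unix"   # assumed baseline of legitimate names

# normalize NAME: lower-case it and keep only letters and digits, so that
# ".font-unix", ".fontunix" and ".Font_Unix" all collapse to "fontunix".
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]'
}

# find_lookalikes DIR: print every entry in DIR whose normalized name matches
# a legitimate name but whose exact name differs from it.
find_lookalikes() {
    dir=$1
    # Cover plain names, dotfiles, and names starting with two dots.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Skip glob patterns that matched nothing.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        norm=$(normalize "$name")
        for good in $LEGIT; do
            if [ "$name" != "$good" ] && [ "$norm" = "$(normalize "$good")" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
    return 0
}

# Scan the directory given as the first argument, /tmp by default.
find_lookalikes "${1:-/tmp}"
```

A hit is only a lead: follow up by checking the entry's owner, timestamps and any process holding files open under it.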