<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: WebWorm using PHPBB vulnerability in the wild!

WebWorm using PHPBB vulnerability in the wild!

From: Niki Denev <nike_d_at_cytexbg.com>
Date: Tue, 21 Dec 2004 01:42:22 +0200

There have been reports of WebWorm exploting PHPBB's urldecode
vulnerability.
The worm uses this to create a perl script on the server and start it.
After the perl script starts it wipes itself out, then begans to search
via google.com/advanced_search for exploitable viewtopic.php files part from
the vulnerable PHPBB distributions.
Then the worm replicates itself by using the vulnerability, and also
overwrites any files on the disk that it has permission to.
Machines running the worm script will have perl process with name 'm1ho2of'
running.
But this likely will change when the people start to notice it.
The possible solution is to patch or disable the vulnerable PHPBB
installations.

--niki

application/pgp-signature attachment: stored

Received on Dec 22 2004

This message: [ Message body ]
Next message: Shiva Persaud: "Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue)"
Previous message: David F. Skoll: "Re: DJB's students release 44 *nix software vulnerability advisories"
Next in thread: Nick Johnson: "Re: WebWorm using PHPBB vulnerability in the wild!"
Reply: Nick Johnson: "Re: WebWorm using PHPBB vulnerability in the wild!"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]