[Full-disclosure] update on the linux worm
wh1t3h4t3 at yahoo.co.uk
Sun Feb 19 15:27:47 GMT 2006
Could you clarify what vulnerabilities are being
exploited in the PHP applications ?
--- Gadi Evron <ge at linuxbox.org> wrote:
> A quick digest of some updates from the last few
> hours on this issue:
> 1. The worm is based on 'kaiten', which has been
> going around in
> different variants for a long time now.
> 2. This worm is new.
> 3. The first part exploits PHP applications, like
> these variants
> normally do.
> 4. The second part spreads to other systems.
> 5. The worm connects to a botnet C&C based on two
> Fast-flux DNS RR's
> which are not there anymore, and as they change, are
> taken down.
> As always, more updates if necessary on:
> "Out of the box is where I live".
> -- Cara "Starbuck" Thrace, Battlestar Galactica.
> Full-Disclosure - We believe in it.
> Hosted and sponsored by Secunia -
Yahoo! Photos NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.