[Full-disclosure] update on the linux worm
Micheal Turner
wh1t3h4t3 at yahoo.co.uk
Sun Feb 19 15:27:47 GMT 2006
Could you clarify what vulnerabilities are being
exploited in the PHP applications ?
--- Gadi Evron <ge at linuxbox.org> wrote:
> A quick digest of some updates from the last few
> hours on this issue:
>
> 1. The worm is based on 'kaiten', which has been
> going around in
> different variants for a long time now.
>
> 2. This worm is new.
>
> 3. The first part exploits PHP applications, like
> these variants
> normally do.
>
> 4. The second part spreads to other systems.
>
> 5. The worm connects to a botnet C&C based on two
> Fast-flux DNS RR's
> which are not there anymore, and as they change, are
> taken down.
>
> As always, more updates if necessary on:
> http://blog.securiteam.com
>
> Thanks,
>
> Gadi.
>
> --
> http://blogs.securiteam.com/
>
> "Out of the box is where I live".
> -- Cara "Starbuck" Thrace, Battlestar Galactica.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
>
___________________________________________________________
Yahoo! Photos – NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.