Re: Apache worm in the wild

From: Mihai (Cop) Moldovanu (mihaimat_private)
Date: Fri Jun 28 2002 - 12:46:06 PDT

Next message: Peter Watkins: "Re: XSS in HTDIG"

Previous message: Domas Mituzas: "Apache worm in the wild"
In reply to: Domas Mituzas: "Apache worm in the wild"
Next in thread: wink: "Re: Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Domas Mituzas said:
> Hi,
>
> our honeypot systems trapped new apache worm(+trojan) in the wild. It
> traverses through the net, and installs itself on all vulnerable
> apaches it finds. No source code available yet, but I put the binaries
> into public place, and more investigation is to be done.
>
> http://dammit.lt/apache-worm/
>
> Regards,
> Domas Mituzas
>
> Central systems @ MicroLink Data

I dissasembled it. Was a good thing that executable was not stripped.
Result is here :
http://projects.tfm.ro/security/apache_worm/

I will look deeper into it tonight.


Best Regards ,
-- 
TFM Group . Linux Division .
Mihai Moldovanu
http://www.tfm.ro/
http://portal.tfm.ro/

Next message: Peter Watkins: "Re: XSS in HTDIG"
Previous message: Domas Mituzas: "Apache worm in the wild"
In reply to: Domas Mituzas: "Apache worm in the wild"
Next in thread: wink: "Re: Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 13:14:54 PDT