Re: Apache worm in the wild

From: wink (winkat_private)
Date: Fri Jun 28 2002 - 11:10:05 PDT

Next message: Domas Mituzas: "apache-worm.c"

Previous message: Trustix Secure Linux Advisor: "TSL-2002-0059 - openssh"
In reply to: Domas Mituzas: "Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Running strings on the binary amongst other things produces an ip address
(12.127.17.71) that resolves to dns-rs1.bgtmo.ip.att.net, and also:

FreeBSD 4.5 x86 / Apache/1.3.22-24 (Unix)
FreeBSD 4.5 x86 / Apache/1.3.20 (Unix)

I went ahead and touch'ed .a, .uua, and .log in /tmp and chflags to set them
immutable as I didn't see any real error handling on failed i/o operations.
Some other strings not mentioned yet are:

rm -rf /tmp/.a;cat > /tmp/.uua << __eof__;
mv /tmp/tmp /tmp/init;export PATH="/tmp";init %s

that's all i have time for at the moment.

Next message: Domas Mituzas: "apache-worm.c"
Previous message: Trustix Secure Linux Advisor: "TSL-2002-0059 - openssh"
In reply to: Domas Mituzas: "Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 14:39:26 PDT