Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")

From: GiulioMaria Fontana (fontanaat_private)
Date: Thu Oct 17 2002 - 10:53:42 PDT

Next message: daniel.robertsat_private: "Linux Kernel Exploits / ABFrag"

Previous message: cory: "Re: HTTP attack looking for /sumthin ?"
Next in thread: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
Reply: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Il Wednesday 25 September 2002 01:02, James P. Kinney III ha scritto:

> I was attacked by a variant of the slapper worm called "cinik". I got
> lucky and caught the intruder in the act and managed to get the source
> code before it was removed and I shut him out. 

I found in a server in my subnet some sources of that worm (.cinik.go) but I 
even found an .ink.go
Both are script shell but they differs in the use of the name "ink" instead of 
"cinik" and in the address mail to which the informations are sent.
What should I do with that mail address?

Giulio


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: daniel.robertsat_private: "Linux Kernel Exploits / ABFrag"
Previous message: cory: "Re: HTTP attack looking for /sumthin ?"
Next in thread: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
Reply: Jose Nazario: "Re: Slapper worm "ink" instead of "cinik" (Re: slapper worm varient "cinik")"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 13:26:37 PDT