From owner-freebsd-security Fri Jun 28 4: 1:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B83737B405 for ; Fri, 28 Jun 2002 04:01:35 -0700 (PDT) Received: from axis.tdd.lt (axis.tdd.lt [213.197.128.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id E39C043E06 for ; Fri, 28 Jun 2002 04:01:33 -0700 (PDT) (envelope-from domas.mituzas@microlink.lt) Received: from localhost (midom@localhost) by axis.tdd.lt (8.11.6/8.11.6) with ESMTP id g5SB1W770775; Fri, 28 Jun 2002 13:01:32 +0200 (EET) (envelope-from domas.mituzas@microlink.lt) X-Authentication-Warning: axis.tdd.lt: midom owned process doing -bs Date: Fri, 28 Jun 2002 13:01:32 +0200 (EET) From: Domas Mituzas X-X-Sender: midom@axis.tdd.lt To: freebsd-security@freebsd.org Cc: bugtraq@securityfocus.com, Subject: Apache worm in the wild Message-ID: <20020628125817.O68824-100000@axis.tdd.lt> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, our honeypot systems trapped new apache worm(+trojan) in the wild. It traverses through the net, and installs itself on all vulnerable apaches it finds. No source code available yet, but I put the binaries into public place, and more investigation is to be done. http://dammit.lt/apache-worm/ Regards, Domas Mituzas Central systems @ MicroLink Data To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message