From owner-freebsd-security  Fri Jun 28  9:28:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 721AE37B400
	for <freebsd-security@freebsd.org>; Fri, 28 Jun 2002 09:28:15 -0700 (PDT)
Received: from neptun.twoj.pl (neptun.goo.pl [80.48.39.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8FB5043E06
	for <freebsd-security@freebsd.org>; Fri, 28 Jun 2002 09:28:14 -0700 (PDT)
	(envelope-from bugtraq-return-5389-cinek=goo.pl@securityfocus.com)
Received: by neptun.twoj.pl (Postfix, from userid 107)
	id 63C553AC07; Fri, 28 Jun 2002 18:28:13 +0200 (CEST)
Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com [66.38.151.27])
	by neptun.twoj.pl (Postfix) with ESMTP id 2A6B33ABD3
	for <cinek@goo.pl>; Fri, 28 Jun 2002 18:28:09 +0200 (CEST)
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
	by outgoing.securityfocus.com (Postfix) with QMQP
	id C32E0A31D9; Fri, 28 Jun 2002 09:55:53 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 15439 invoked from network); 28 Jun 2002 11:01:09 -0000
X-Authentication-Warning: axis.tdd.lt: midom owned process doing -bs
Date: Fri, 28 Jun 2002 13:01:32 +0200 (EET)
From: Domas Mituzas <domas.mituzas@microlink.lt>
X-X-Sender: midom@axis.tdd.lt
To: freebsd-security@freebsd.org
Cc: bugtraq@securityfocus.com, <os_bsd@konferencijos.lt>
Subject: Apache worm in the wild
Message-ID: <20020628125817.O68824-100000@axis.tdd.lt>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,

our honeypot systems trapped new apache worm(+trojan) in the wild. It
traverses through the net, and installs itself on all vulnerable apaches
it finds. No source code available yet, but I put the binaries into public
place, and more investigation is to be done.

http://dammit.lt/apache-worm/

Regards,
Domas Mituzas

Central systems @ MicroLink Data




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message