Date: Fri, 28 Jun 2002 22:46:06 +0300 (EEST) From: "Mihai (Cop) Moldovanu" <mihaim@tfm.ro> To: <domas.mituzas@microlink.lt> Cc: <freebsd-security@freebsd.org>, <bugtraq@securityfocus.com>, <os_bsd@konferencijos.lt> Subject: Re: Apache worm in the wild Message-ID: <32946.80.97.81.54.1025293566.squirrel@mihai.tfm.ro> In-Reply-To: <20020628125817.O68824-100000@axis.tdd.lt> References: <20020628125817.O68824-100000@axis.tdd.lt>
next in thread | previous in thread | raw e-mail | index | archive | help
Domas Mituzas said: > Hi, > > our honeypot systems trapped new apache worm(+trojan) in the wild. It > traverses through the net, and installs itself on all vulnerable > apaches it finds. No source code available yet, but I put the binaries > into public place, and more investigation is to be done. > > http://dammit.lt/apache-worm/ > > Regards, > Domas Mituzas > > Central systems @ MicroLink Data I dissasembled it. Was a good thing that executable was not stripped. Result is here : http://projects.tfm.ro/security/apache_worm/ I will look deeper into it tonight. Best Regards , -- TFM Group . Linux Division . Mihai Moldovanu http://www.tfm.ro/ http://portal.tfm.ro/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32946.80.97.81.54.1025293566.squirrel>