Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Jun 2002 22:46:06 +0300 (EEST)
From:      "Mihai (Cop) Moldovanu" <mihaim@tfm.ro>
To:        <domas.mituzas@microlink.lt>
Cc:        <freebsd-security@freebsd.org>, <bugtraq@securityfocus.com>, <os_bsd@konferencijos.lt>
Subject:   Re: Apache worm in the wild
Message-ID:  <32946.80.97.81.54.1025293566.squirrel@mihai.tfm.ro>
In-Reply-To: <20020628125817.O68824-100000@axis.tdd.lt>
References:  <20020628125817.O68824-100000@axis.tdd.lt>

next in thread | previous in thread | raw e-mail | index | archive | help
Domas Mituzas said:
> Hi,
>
> our honeypot systems trapped new apache worm(+trojan) in the wild. It
> traverses through the net, and installs itself on all vulnerable
> apaches it finds. No source code available yet, but I put the binaries
> into public place, and more investigation is to be done.
>
> http://dammit.lt/apache-worm/
>
> Regards,
> Domas Mituzas
>
> Central systems @ MicroLink Data

I dissasembled it. Was a good thing that executable was not stripped.
Result is here :
http://projects.tfm.ro/security/apache_worm/

I will look deeper into it tonight.


Best Regards ,
-- 
TFM Group . Linux Division .
Mihai Moldovanu
http://www.tfm.ro/
http://portal.tfm.ro/





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32946.80.97.81.54.1025293566.squirrel>