From owner-freebsd-security Fri Jun 28 17: 4: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D927337B401 for ; Fri, 28 Jun 2002 17:04:01 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6F2643E1D for ; Fri, 28 Jun 2002 17:03:59 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA04519; Fri, 28 Jun 2002 18:03:30 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020628180253.038e7af0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 28 Jun 2002 18:03:28 -0600 To: Jonas M Luster , Domas Mituzas From: Brett Glass Subject: Re: apache-worm.c Cc: bugtraq@securityfocus.com, freebsd-security@FreeBSD.ORG In-Reply-To: <20020628165815.A34506@baysec.org> References: <20020628222723.G59739-100000@axis.tdd.lt> <20020628222723.G59739-100000@axis.tdd.lt> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 05:58 PM 6/28/2002, Jonas M Luster wrote: >This seems to be a different source than the one, the binary was >compiled from. The binary uses a lynx version string while this one >uses User-Agent: Mozilla/4.75 [en] instead. Aha! Perhaps the worm's author was seeking to mislead Domas, and others, about what it did and how. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message