The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


update on the linux worm


<< Previous INDEX Search src / Print Next >>
Date: Sun, 19 Feb 2006 07:36:03 +0200
From: Gadi Evron <ge@linuxbox.org.>
To: [email protected],
Subject: update on the linux worm
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Sat, 18 Feb 2006 23:40:02 -0600 (CST)
X-Virus-Scanned: antivirus-gw at tyumen.ru

A quick digest of some updates from the last few hours on this issue:

1. The worm is based on 'kaiten', which has been going around in 
different variants for a long time now.

2. This worm is new.

3. The first part exploits PHP applications, like these variants 
normally do.

4. The second part spreads to other systems.

5. The worm connects to a botnet C&C based on two Fast-flux DNS RR's 
which are not there anymore, and as they change, are taken down.

As always, more updates if necessary on: http://blog.securiteam.com

Thanks,

        Gadi.


-- 
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру