Open Source and information security mailing list archives
 
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03398ED3@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: (no subject)

The chances are extremely good that the IP you're seeing is JAHB (just
another hacked box.)

Paul Schmehl (pauls@...allas.edu)
Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Francisco Guerreiro
> Sent: Thursday, October 03, 2002 7:59 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] (no subject)
> 
> 
> hi folks..
> I was meddling in a friend's box when I came across a weird 
> file in /tmp with apache perms. I thought it was an exploit to 
> obtain root since the machine was vuln to the openssl 
> problem, but it turned out to be something else. Attached I 
> send the stuff I found, it's quite self-explanatory. I've 
> looked at it for a few minutes, it's the slapper code, with 
> some comments and a shell script that gathers info about the 
> box and sends it to an email account at yahoo.com . The ip 
> that is written on the worm resolves to an adsl account on 
> some ISP, I guess it is some kind of target since it would be 
> quite stupid to put your home ip on a worm.
