lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: pauls at (Schmehl, Paul L)
Subject: (no subject)

The chances are extremely good that the IP you're seeing is JAHB (just
another hacked box.)

Paul Schmehl (
Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member

> -----Original Message-----
> From: 
> [] On Behalf Of 
> Francisco Guerreiro
> Sent: Thursday, October 03, 2002 7:59 AM
> To:
> Subject: [Full-Disclosure] (no subject)
> hi folks..
> I was meddling in a friend's box when I came across a weird 
> file in /tmp with apache perms. I thought it was a exploit to 
> obtain root since the machine was vuln to the openssl 
> problem, but it turned out to be something else. attached I 
> send the stuff I found, it's quite self explanatory. I've 
> looked at it for a few minutes, it's the slaper code, with 
> some comments and a shell script that ghaters info about the 
> box and send's it to an email account at . The ip 
> that is written on the worm resolves to an adsl acount on 
> some ISP, i guess it is somekind of target since it would be 
> quite stupid to put your home ip on a worm.

Powered by blists - more mailing lists