| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4007E5BB.2300.535396A2@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: ftp worm ? Robert Perriero <perrieror1@...l.montclair.edu> wrote: > I would be willing to bet that this is a modified "pub scanner". Similar > to the apache exploit posted, it appears as if it attempts to connect to > machines using known user accounts and passwords. It probably isn't a > worm, but rather someone behind a keyboard attempting to find a place to > store warez. Your knowledge of pubstro is a tad out of date. Many pubstro kits have, for ages, included various kinds of vulnerability scanners. More recently (like at least 18 months ago?) semi-automatic "find the next victim" features were also being added to some pubstro kit, culminating in at least some fully automated, self-spreading pubstro agents. In most people's mind, that makes them worms... I agree that the detects could be evidence of such scanning. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists