Message-ID: <31448123.264281140385109278.JavaMail.juha-matti.laurio@netti.fi>
Date: Sun Feb 19 21:38:36 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: update on the linux worm

> On Sunday 19 February 2006 16:27, Micheal Turner wrote:
> > Could you clarify what vulnerabilities are being
> > exploited in the PHP applications ?
> >
> 
> To my knowledge: mambo, phpgroupware and wordpress.
> I submitted a sample to Clamav AV yesterday.
> 
It is likely that the XML-RPC for PHP vulnerabilities are the same as those
being exploited last November; the list of affected products is very long:
http://www.osvdb.org/displayvuln.php?osvdb_id=17793

This conclusion is because of the same malware name being used now; several
AV vendors say this is a variant of Linux.Lupper, BDS/Katien etc.

> AntiVir recognises it as Worm/Linux.Lupper.B,  Kaspersky Anti-Virus as 
> Net-Worm.Linux.Mare.e. Others don't.
> 
> F.

Some other vendors have protection too. According to the Web sites of AV
vendors, Sophos sees this as Linux/Lupper-H and Trend uses the name
ELF_MARE.C (Executable Linux File); only some examples are listed.

- Juha-Matti
