| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060219152747.68461.qmail@web25501.mail.ukl.yahoo.com> Date: Sun Feb 19 15:27:55 2006 From: wh1t3h4t3 at yahoo.co.uk (Micheal Turner) Subject: update on the linux worm Could you clarify what vulnerabilities are being exploited in the PHP applications ? --- Gadi Evron <ge@...uxbox.org> wrote: > A quick digest of some updates from the last few > hours on this issue: > > 1. The worm is based on 'kaiten', which has been > going around in > different variants for a long time now. > > 2. This worm is new. > > 3. The first part exploits PHP applications, like > these variants > normally do. > > 4. The second part spreads to other systems. > > 5. The worm connects to a botnet C&C based on two > Fast-flux DNS RR's > which are not there anymore, and as they change, are > taken down. > > As always, more updates if necessary on: > http://blog.securiteam.com > > Thanks, > > Gadi. > > -- > http://blogs.securiteam.com/ > > "Out of the box is where I live". > -- Cara "Starbuck" Thrace, Battlestar Galactica. > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - > http://secunia.com/ > ___________________________________________________________ Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
Powered by blists - more mailing lists