Bugtraq mailing list archives
update on the linux worm
From: Gadi Evron <ge () linuxbox org>
Date: Sun, 19 Feb 2006 07:36:03 +0200
A quick digest of some updates from the last few hours on this issue:1. The worm is based on 'kaiten', which has been going around in different variants for a long time now.
2. This worm is new.3. The first part exploits PHP applications, like these variants normally do.
4. The second part spreads to other systems.5. The worm connects to a botnet C&C based on two Fast-flux DNS RR's which are not there anymore, and as they change, are taken down.
As always, more updates if necessary on: http://blog.securiteam.com Thanks, Gadi. -- http://blogs.securiteam.com/ "Out of the box is where I live". -- Cara "Starbuck" Thrace, Battlestar Galactica.
Current thread:
- update on the linux worm Gadi Evron (Feb 20)
- Re: update on the linux worm Stephen J. Smoogen (Feb 22)