Full Disclosure mailing list archives
Re: new phpBB worm affects 2.0.11
From: ^^MAg^^ <rafal.kwasny () gmail com>
Date: Sat, 25 Dec 2004 16:27:55 +0100
On Fri, 24 Dec 2004 17:06:30 -0500, Herman Sheremetyev <herman () swebpage com> wrote:
My patched phpBB 2.0.11 running on FreeBSD 4.10 was exploited by a new variation of the worm this morning. I'm attaching the 2 perl scripts it installs, one is an irc bot the other the worm itself.
Are you sure it's because bug in 2.0.11 ? I see there only old hilight bug
-Herman
heh, this is soo lame
my @adms=("ssh"); # Nick do administrador #
16:22:31 [ Whois ssh (ssh () 233-140-117 xdsl-dinamico ctbcnetsuper com br) ] 16:22:31 : Ircname : Se fu ???? e dai ?? 16:22:31 : Domain : "Brazil" 16:22:31 : Channels : #staff #ssh 16:22:31 : Server : hub3.ssh.net [SSHWorms R0xNet Server] 16:22:31 --- End of Whois --- the person with this nick can controll all of this
my @canais=("#ssh echo"); # Caso haja senha ("#canal :senha") # $servidor='ssh.gigachat.net' unless $servidor; # Servidor de irc que vai ser usado #
/server ssh.gigachat.net /join #ssh echo everyone's invited ;) ( also #fuck_this_worm ) greets goes to prophecy who found it at the same time :) -- Greetings ^^MAg^^ mailto:/jid: mag () jabberpl org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new phpBB worm affects 2.0.11 Herman Sheremetyev (Dec 25)
- Re: new phpBB worm affects 2.0.11 Andrew Farmer (Dec 26)
- Re: new phpBB worm affects 2.0.11 ^^MAg^^ (Dec 27)
- Re: new phpBB worm affects 2.0.11 Andrew Farmer (Dec 27)
- <Possible follow-ups>
- Re: Re: new phpBB worm affects 2.0.11 Paul Laudanski (Dec 29)