Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rumours about Apache 1.3.22 exploits

From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 05 Mar 2002 10:04:14 -0800
VeNoMouS wrote:


Ive looked into this a little bit more and it adds 8.7KB of data to any elf
file it finds on your system


I don't think the exploit itself is trojaned, as others on this thread 
have indicated.  Rather, the exploit has been infected with some
virus that opens a backdoor, like RST and RST.b.  


it does apare to be some type of virii back door, plz find attached a clean
and a infected version of grep 2.4.2 (GNU) from a rh 6.2 box it appends its
data to the end of the elf but have been unsuccsessful reverse engineing it
so far.


Whoops, I didn't catch that when I read the note the first time.
I don't normally (now) send virus code through to the list.
At least no one needs to ask for samples. :)

Obviously, please take great care with the infected file.  If it's
like RST, it will open a backdoor, and call home to tell someone
about it.  You will be r00ted.

                                        BB
Previous By Date Next
Previous By Thread Next

Current thread: