Vulnerability Development mailing list archives
Re: Rumours about Apache 1.3.22 exploits
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 05 Mar 2002 10:04:14 -0800
VeNoMouS wrote:
Ive looked into this a little bit more and it adds 8.7KB of data to any elf file it finds on your system
I don't think the exploit itself is trojaned, as others on this thread have indicated. Rather, the exploit has been infected with some virus that opens a backdoor, like RST and RST.b.
it does apare to be some type of virii back door, plz find attached a clean and a infected version of grep 2.4.2 (GNU) from a rh 6.2 box it appends its data to the end of the elf but have been unsuccsessful reverse engineing it so far.
Whoops, I didn't catch that when I read the note the first time. I don't normally (now) send virus code through to the list. At least no one needs to ask for samples. :) Obviously, please take great care with the infected file. If it's like RST, it will open a backdoor, and call home to tell someone about it. You will be r00ted. BB
Current thread:
- Re: Rumours about Apache 1.3.22 exploits VeNoMouS (Mar 04)
- Re: Rumours about Apache 1.3.22 exploits KF (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits VeNoMouS (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits Blue Boar (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits KF (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits Erik Tayler (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits Charles 'core' Stevenson (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Mar 05)
- Re: Rumours about Apache 1.3.22 exploits adamb (Mar 06)
- Re: Rumours about Apache 1.3.22 exploits Richard Hamnett (Mar 06)
- Re: Rumours about Apache 1.3.22 exploits Vanja Hrustic (Mar 06)
- Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client adamb (Mar 06)
- Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client Sean Davis (Mar 06)
- Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client Manuel Bouyer (Mar 08)
- Re: Rumours about Apache 1.3.22 exploits adamb (Mar 06)