Bugtraq mailing list archives
Re: new linux malware
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 20 Feb 2006 21:58:32 +0200
Marco Monicelli wrote:
> Dear Gadi, this malware looks like the famous Kaiten IRC bot. If you want, I can send the source code of it but it is already known by most AVs and I think the source is public nowadays. This must be just another variant and by the way it's detected as far as I can see from your quoted information so it shouldn't be dangerous.
Indeed, it has become an annoying trend everybody talks about but nobody writes about. Trojan horses, worms, etc. exploiting PHP bugs. Either vulnerabilities in known applications such as WordPress, PHPBB, Drupal, etc. or actually trying different permutations to attack the site.
Many of these are indeed based on the old kaiten code. As someone mentioned previously in this thread or another, it can even be found on packet storm.
Still, this one has a kick in the second payload with a worm that also attacks other systems and I can say is not just yet another PHP worm, but actually what I'd call linux malware.
Anyone else seeing their web server logs going crazy with new patterns every day? Email me, I am starting a sharing system where these can be shared mutually so we can better protect ourselves, create signatures, etc.
> Anyway, tnx for keeping us updated!
:)

Gadi.
--
http://blogs.securiteam.com/

"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.