Full Disclosure mailing list archives
OpenSSL Worm ?
From: nick () virus-l demon co uk (Nick FitzGerald)
Date: Sat, 14 Sep 2002 14:35:21 +1200
New news. There is a new apache worm, based on the scalper worm from June.
Yes, but posting a link to the old code without clarifying that it is the previous thing and the current one is possibly modelled on it, is misleading at best. <<snip>>
The worm leaves no entry in httpd.log and does not crash Apache. After exploiting the server, it uploads its source as /tmp/.bugtraq.c and compiles it as /tmp/.bugtraq
...and listens on port 2002 UDP for commands to launch various DoS atatcks. It also seems to have code to cooperate with other similar agents in a DDoS network.
The kiddies are surely having fun at the moment.
For sure... Regards, Nick FitzGerald
Current thread:
- OpenSSL Worm ? Ka (Sep 13)
- OpenSSL Worm ? EPiC (Sep 13)
- OpenSSL Worm ? Jonathan Rickman (Sep 13)
- OpenSSL Worm ? Solar Eclipse (Sep 13)
- OpenSSL Worm ? Nick FitzGerald (Sep 13)
- OpenSSL Worm ? Helmut Springer (Sep 14)
- OpenSSL Worm ? Jonathan Rickman (Sep 13)
- OpenSSL Worm ? Nick FitzGerald (Sep 13)
- OpenSSL Worm ? EPiC (Sep 13)
- OpenSSL Worm ? Len Rose (Sep 13)
- OpenSSL Worm ? David Kennedy CISSP (Sep 13)