Full Disclosure mailing list archives

Re: Possible apache2/php 4.3.9 worm

From: Ron Brogden <domains () islandnet com>
Date: Tue, 21 Dec 2004 10:43:38 -0800

On December 21, 2004 07:32, Alex Schultz wrote:

Some of the sites I administer were alledgedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
apache.  
<ADDRESS><b>NeverEverNoSanity WebWorm generation 17.</b></ADDRESS>


Looks like this is the fallout from a recent phpBB hole:

http://www.pcpro.co.uk/news/67505/santya-sparks-messageboard-infection-epidemic.html

Cheers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Possible apache2/php 4.3.9 worm Alex Schultz (Dec 21)
- Re: Possible apache2/php 4.3.9 worm Pamela Patterson (Dec 21)
- Re: Possible apache2/php 4.3.9 worm Paul Schmehl (Dec 21)
- Re: Possible apache2/php 4.3.9 worm Ron Brogden (Dec 21)
  - Re: Possible apache2/php 4.3.9 worm Brendan Dolan-Gavitt (Dec 21)
  - Re: Possible apache2/php 4.3.9 worm DanB UK (Dec 22)
    - Re: Possible apache2/php 4.3.9 worm Barrie Dempster (Dec 22)
    - Re: Possible apache2/php 4.3.9 worm dk (Dec 22)
    - Re: Possible apache2/php 4.3.9 worm DanB UK (Dec 23)
    - Re: Possible apache2/php 4.3.9 worm dk (Dec 27)
- Re: Possible apache2/php 4.3.9 worm Juan Carlos Navea (Dec 21)
  - Re: Possible apache2/php 4.3.9 worm milw0rm Inc. (Dec 22)
- <Possible follow-ups>
- Re: Possible apache2/php 4.3.9 worm Feher Tamas (Dec 21)
- Re: Possible apache2/php 4.3.9 worm Joe Stewart (Dec 21)

(Thread continues...)