Full Disclosure mailing list archives
Re: update on the linux worm
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Sun, 19 Feb 2006 23:38:29 +0200 (EET)
It is likely that the XML-RPC for PHP vulnerabilities are the same as those being exploited last November; the list of affected products is very long:

On Sunday 19 February 2006 16:27, Micheal Turner wrote:
> Could you clarify what vulnerabilities are being
> exploited in the PHP applications ?
>

To my knowledge: mambo, phpgroupware and wordpress. I submitted a sample to Clamav AV yesterday.

http://www.osvdb.org/displayvuln.php?osvdb_id=17793

This conclusion is because the same malware name is being used now; several AV vendors say this is a variant of Linux.Lupper, BDS/Katien etc.

AntiVir recognises it as Worm/Linux.Lupper.B, Kaspersky Anti-Virus as Net-Worm.Linux.Mare.e. Others don't.

F.

Some other vendors have protection too. According to the Web sites of AV vendors, Sophos sees this as Linux/Lupper-H and Trend uses the name ELF_MARE.C (Executable Linux File); only some examples listed.

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/