Security Incidents mailing list archives

Re: FW: Apache worm in the wild

From: Skip Carter <skip () taygeta com>
Date: Fri, 28 Jun 2002 11:32:13 -0700

-------Original Message-----
From: Domas Mituzas [mailto:domas.mituzas () microlink lt]
Sent: Friday, June 28, 2002 7:02 AM
To: freebsd-security () freebsd org
Cc: bugtraq () securityfocus com; os_bsd () konferencijos lt
Subject: Apache worm in the wild

Hi,

our honeypot systems trapped new apache worm(+trojan) in the wild. It
traverses through the net, and installs itself on all vulnerable apaches
it finds. No source code available yet, but I put the binaries into public
place, and more investigation is to be done.

http://dammit.lt/apache-worm/


Looks like you should check out what is in /bin/.log


-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            












----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

FW: Apache worm in the wild suniljames (Jun 28)
- Re: FW: Apache worm in the wild Skip Carter (Jun 28)