nanog mailing list archives
Re: Sanity worm defaces websites using php bug
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Dec 2004 23:26:27 +0200
cw wrote:
Does anyone have any more detail on exactly what this thing does after it gets into a system?
Check *any* AV web site.
The cgi platform for a company I use has been hit and the effect is not just limited to phpBB, it seems to get into the server and then go through everything it can write to..
Naturally. This can teach you a few lessons, ranging from, but not limited to: 1. Using packages that have a heigher rate of disclosed vulnerabilities than....
2. Using packages that demand certain privileges. 3. Not limiting privileges. 4. Not patching.
I lost a copy of UBB to this worm even though I don't rund phpBB off the same vhost.Gonna be a nightmare for server ops to ensure that all client copies of phpBB are patched..
It shouldn't be a nightmare for people to do proper patching, especially when it is not a client application at all (I got what you meant..).
A few months ago I heard and later made a joke about creating a random program that will build fake PHP applications advisories and email them to bugtraq daily. That's pretty much how it looks like today, as it is.
This worm is finite, it won't last virtually forever like some other worms. I haven't looked at it yet, but my bet would be most of its harm is overhead of wasted traffic.
Gadi.
Current thread:
- Sanity worm defaces websites using php bug Fergie (Paul Ferguson) (Dec 21)
- Re: Sanity worm defaces websites using php bug Dan Hollis (Dec 21)
- Re: Sanity worm defaces websites using php bug cw (Dec 21)
- Re: Sanity worm defaces websites using php bug Dave Dennis (Dec 21)
- Re: Sanity worm defaces websites using php bug Gadi Evron (Dec 21)
- Re: Sanity worm defaces websites using php bug Paul G (Dec 21)
- Re: Sanity worm defaces websites using php bug Gadi Evron (Dec 21)
- Re: Sanity worm defaces websites using php bug cw (Dec 21)
- Re: Sanity worm defaces websites using php bug Gadi Evron (Dec 22)
- <Possible follow-ups>
- Re: Sanity worm defaces websites using php bug sgorman1 (Dec 21)
- Re: Sanity worm defaces websites using php bug sgorman1 (Dec 21)
- Re: Sanity worm defaces websites using php bug Dan Hollis (Dec 21)