Re: [Full-disclosure] update on the linux worm

[Micheal Turner <wh1t3h4t3@xxxxxxxxxxx>]

Could you clarify what vulnerabilities are being
exploited in the PHP applications ? 

--- Gadi Evron <ge@xxxxxxxxxxxx> wrote:

> A quick digest of some updates from the last few
> hours on this issue:
> 
> 1. The worm is based on 'kaiten', which has been
> going around in 
> different variants for a long time now.
> 
> 2. This worm is new.
> 
> 3. The first part exploits PHP applications, like
> these variants 
> normally do.
> 
> 4. The second part spreads to other systems.
> 
> 5. The worm connects to a botnet C&C based on two
> Fast-flux DNS RR's 
> which are not there anymore, and as they change, are
> taken down.
> 
> As always, more updates if necessary on:
> http://blog.securiteam.com
> 
> Thanks,
> 
>       Gadi.
> 
> -- 
> http://blogs.securiteam.com/
> 
> "Out of the box is where I live".
>       -- Cara "Starbuck" Thrace, Battlestar Galactica.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
> 



                
___________________________________________________________ 
Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo 
http://uk.photos.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/