[25992] in bugtraq
Re: Apache worm in the wild
daemon@ATHENA.MIT.EDU (Mihai (Cop) Moldovanu)
Fri Jun 28 16:29:01 2002
Message-ID: <32946.80.97.81.54.1025293566.squirrel@mihai.tfm.ro>
Date: Fri, 28 Jun 2002 22:46:06 +0300 (EEST)
From: "Mihai (Cop) Moldovanu" <mihaim@tfm.ro>
To: <domas.mituzas@microlink.lt>
In-Reply-To: <20020628125817.O68824-100000@axis.tdd.lt>
Cc: <freebsd-security@freebsd.org>, <bugtraq@securityfocus.com>,
<os_bsd@konferencijos.lt>
Reply-To: mihaim@tfm.ro
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Domas Mituzas said:
> Hi,
>
> our honeypot systems trapped new apache worm(+trojan) in the wild. It
> traverses through the net, and installs itself on all vulnerable
> apaches it finds. No source code available yet, but I put the binaries
> into public place, and more investigation is to be done.
>
> http://dammit.lt/apache-worm/
>
> Regards,
> Domas Mituzas
>
> Central systems @ MicroLink Data
I dissasembled it. Was a good thing that executable was not stripped.
Result is here :
http://projects.tfm.ro/security/apache_worm/
I will look deeper into it tonight.
Best Regards ,
--
TFM Group . Linux Division .
Mihai Moldovanu
http://www.tfm.ro/
http://portal.tfm.ro/
