[37984] in bugtraq

RE: phpBB Worm

daemon@ATHENA.MIT.EDU (Chris Ess)
Sat Dec 25 14:47:02 2004

Date: Fri, 24 Dec 2004 23:49:47 -0500 (EST)
From: Chris Ess <securityfocus@cae.tokimi.net>
To: Ofer Shezaf <Ofer.Shezaf@breach.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <01FE74AA95A56946ADF84A4976618B9791F10D@utopiasystems.net>
Message-ID: <Pine.LNX.4.58L1.0412242347410.2658@ryoko.tokimi.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> 	eval{
> 		while(my @a = getpwent()) { push(@dirs, $a[7]);}
> 	};
>
> 	push(@dirs, '/ ');

[...]

> Additionally, on Windows the worm would affect files on a single disk.

In generation 9 of the worm, there is the following code after what you
include:

        for my $l ('A' .. 'Z') {
                push(@dirs, $l . ':');
        }

What I get out of this is that the worm should try iterating down every
available drive on a Windows server.  I haven't tested this on a Windows
machine running ActivePerl yet though.

Sincerely,


Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
