[27031] in bugtraq
OpenSSL worm in the wild
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Sep 13 14:48:34 2002
Message-ID: <3D821D71.2000702@algroup.co.uk>
Date: Fri, 13 Sep 2002 18:16:33 +0100
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Bugtraq <BUGTRAQ@securityfocus.com>,
Cryptography <cryptography@wasabisystems.com>,
cypherpunks <cypherpunks@einstein.ssz.com>,
Apache SSL <apache-ssl@lists.aldigital.co.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
I have now seen a worm for the OpenSSL problems I reported a few weeks
back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should
be _seriously worried_.
It appears to be exclusively targeted at Linux systems, but I wouldn't
count on variants for other systems not existing.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
