Hi all.
As addition to my previous mail: the source is now available for
download at the following URL:
http://217.24.0.78/bugtraq.c.txt
One thing that makes me wonder: after I wrote my first few lines about
the attack on the rlx blade server that we experienced, someone gave a
correct hint to the worm (describing it with some of its actions), and
also mentioned a URL for the source code of the worm. When looking at
that source (http://dammit.lt/apache-worm/apache-worm.c) it is quite
obviously that "our" source is totally different. Is there a second
variant of the worm, or is this another worm using the same exploit?
Bye, Mike