A quick digest of some updates from the last few hours on this issue:
1. The worm is based on 'kaiten', which has been going around in
different variants for a long time now.
2. This worm is new.
3. The first part exploits PHP applications, like these variants
normally do.
4. The second pa
GroundZero Security wrote:
you said you are not quite sure what this is and posted
those strings which clearly are from an old irc bot with
DoS functionality
:)
I also posted a URL for updates.. well..
What bot doesn't rip from previous ones?
--
http://blogs.securiteam.com/
"Out of the box
you said you are not quite sure what this is and posted
those strings which clearly are from an old irc bot with
DoS functionality
- Original Message -
From: "Gadi Evron" <[EMAIL PROTECTED]>
To: "GroundZero Security" <[EMAIL PROTECTED]>
Cc:
Sent: Sunday, February 19, 2006 5:46 AM
Subject
GroundZero Security wrote:
oh my god this is a stone old DoS irc bot.
you can find the source on packetstorm :P
it's by no means "new" maybe it has been modified
by some kid that changed the printf()'s, but this is
no news at all.
Wrong. The first part is the regular PHP worms we see for a wh
> version
> of client
> NOTICE %s :KILLALL = Kills all
> current packeting
> NOTICE %s :HELP = Displays this
> NOTICE %s :IRC = Sends this
> command to the server
> NOTIC
Taken from IP:
The New Face of Phishing
By Brian Krebs | February 13, 2006
Now here's where it gets really interesting. The phishing site, which
is still up at the time of this writing, is protected by a Secure
Sockets Layer (SSL) encryption certificate issued by a division of
the credit r
On Sat, 18 Feb 2006 17:03:20 EST, [EMAIL PROTECTED] said:
> helo jojo
Lack of a fully qualified domain name.
> 250 esgeop03.whitehouse.gov Hello [xxx.xxx.xxx.xxx], pleased to meet you
> mail from:[EMAIL PROTECTED]
mail from:<[EMAIL PROTECTED]>
> 250 2.1.0 [EMAIL PROTECTED] Sender ok
> rcpt to:
= Displays this
NOTICE %s :IRC = Sends this
command to the server
NOTICE %s :SH = Executes a
command
'session', current detection:
AntiVir 6.33.1.50/20060218 found [BDS/Katien.R]
Avast 4.6.695.
Mar,
You are a dork... but thanks for posting this to the world, it's very
useful, we'll get right on fixing this, can we fix you too?
[EMAIL PROTECTED] wrote:
> whitehouse.gov MX 100 mailhub-wh2.whitehouse.gov
> [EMAIL PROTECTED]:~$
> [EMAIL PROTECTED]:~$ telnet mailhub-wh2.whit
whitehouse.gov MX 100 mailhub-wh2.whitehouse.gov
[EMAIL PROTECTED]:~$
[EMAIL PROTECTED]:~$ telnet mailhub-wh2.whitehouse.gov 25
Trying 63.161.169.140...
Connected to mailhub-wh2.whitehouse.gov.
Escape character is '^]'.
220 whitehouse.gov ESMTP service at Sun, 12 Feb 2006 11:29:38 -0
-
Fedora Legacy Update Advisory
Synopsis: Updated squid package fixes security issues
Advisory ID: FLSA:152809
Issue date:2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords:
-
Fedora Legacy Update Advisory
Synopsis: Updated Apache httpd packages fix security issues
Advisory ID: FLSA:175406
Issue date:2006-02-18
Product: Red Hat Linux, Fedora Core
Keyword
-
Fedora Legacy Update Advisory
Synopsis: Updated openssh packages fix security issues
Advisory ID: FLSA:168935
Issue date:2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords:
Babak Pasdar wrote:
Here is a link to a blog entry I did on CALEA. I think you might find
it interesting.
http://dsb.igxglobal.com/plugins/content/content.php?content.29
Babak
On Fri, 2006-02-17 at 08:02 -0600, Leif Ericksen wrote:
Yikes but go figure... That is step
*SyScan'06 CALL FOR PAPER*
***ABOUT SYSCAN’06***
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with.
SyScan’06 intend
He isn't saying that the exploit is NEW, he says it's the latest..
-Original Message-
From: Marco Monicelli [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 14, 2006 8:37
To: Mark Heiligen
CC: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: Latest wu-f
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200602-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Thank you so much for all this fantastic advice! I'm going to look at my options (and my bank balance) and probably hit eBay in a couple of days. The virtual lab does look tempting, but I think I'd like to have at least one piece of Cisco hardware to really get a feel for it.
Again, thanks a lot, I'm