....
 

Guardian Digital Inc. > InfoCenter > Mailing List Archives > Full Disclosure

Full Disclosure Mailing List Archive

From: ^^MAg^^ (rafal.kwasny@gmail.com)
Date: Sat Dec 25 2004 - 10:27:55 EST


On Fri, 24 Dec 2004 17:06:30 -0500, Herman Sheremetyev
<herman@swebpage.com> wrote:
> My patched phpBB 2.0.11 running on FreeBSD 4.10 was exploited by a new
> variation of the worm this morning. I'm attaching the 2 perl scripts it
> installs, one is an irc bot the other the worm itself.

Are you sure it's because bug in 2.0.11 ? I see there only old hilight bug

> -Herman

heh, this is soo lame

> my @adms=("ssh"); # Nick do administrador #
16:22:31 [ Whois ssh (ssh@233-140-117.xdsl-dinamico.ctbcnetsuper.com.br) ]
16:22:31 : Ircname : Se fu ???? e dai ??
16:22:31 : Domain : "Brazil"
16:22:31 : Channels : #staff #ssh
16:22:31 : Server : hub3.ssh.net [SSHWorms R0xNet Server]
16:22:31 --- End of Whois ---

the person with this nick can controll all of this

> my @canais=("#ssh echo"); # Caso haja senha ("#canal :senha") #
> $servidor='ssh.gigachat.net' unless $servidor; # Servidor de irc que vai ser usado #

/server ssh.gigachat.net
/join #ssh echo
everyone's invited ;)
( also #fuck_this_worm )

greets goes to prophecy who found it at the same time :)

-- 
Greetings
^^MAg^^                                         mailto:/jid: mag@jabberpl.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[ About Guardian Digital ] - [ Press Center ] - [ Contact Us ] - [ System Activation ] - [ Reseller Info ] - [ Online Store ] - [ Site Map ]
Copyright (c) 2000 - 2004 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.