> How did this get approved, did anyone test it or review it?

Didn't you? - I'd rather see the information despatched to us quickly and
treat it with caution, than have delays introduced whilst the code is
rigorously tested. The moderators already have a lot on their plate without
dumping this responsibility on them.

Take Care
Andy
http://www.networkintrusion.co.uk
Talisker's Network Security Tools List

Security Tools Notification
http://groups.yahoo.com/group/security-tools/join
----- Original Message -----
From: "Matt Lewis" <mattNINJAS.ORG>
To: <BUGTRAQSECURITYFOCUS.COM>
Sent: Thursday, February 01, 2001 4:09 AM
Subject: Bind 8 Exploit - Trojan

> The Bind 8 Exploit sent to bugtraq users by "nobodyreplay.com" is a
> Trojan, as I'm sure many have found out at this point.
>
> It attacks dns1.nai.com, and I haven't researched it extensively yet,
> wanted to get this out. There's quite possibly other things going on as
> well, locally.
>
> I straced it and got odd results, the last time I ran it, it didn't
> launch the attack. Shellcode analyzation would be required here.
>
> How did this get approved, did anyone test it or review it?
>
> You can see the IP address for dns1.nai.com listed in the shellcode
> included with the file. It forks off many copies of itself and violently
> attacks NAI's nameserver.
>
> I sent this out hastily, so forgive any mistakes made beyond the
> original observation of the attack.
>
> -Matt Lewis
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]