Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Mihai (Cop) Moldovanu (mihaimtfm.ro)
Date: Fri Jun 28 2002 - 14:46:06 CDT
Domas Mituzas said:
> our honeypot systems trapped new apache worm(+trojan) in the wild. It
> traverses through the net, and installs itself on all vulnerable
> apaches it finds. No source code available yet, but I put the binaries
> into public place, and more investigation is to be done.
> Domas Mituzas
> Central systems MicroLink Data
I dissasembled it. Was a good thing that executable was not stripped.
Result is here :
I will look deeper into it tonight.
Best Regards ,
-- TFM Group . Linux Division . Mihai Moldovanu http://www.tfm.ro/ http://portal.tfm.ro/
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message