Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Francisco Guerreiro (scent_at_mail.pt)
Date: Thu Oct 03 2002 - 07:58:52 CDT
('binary' encoding is not supported, stored as-is)
I was meddling in a friend's box when I came across a weird file in /tmp
with apache perms. I thought it was a exploit to obtain root since the
machine was vuln to the openssl problem, but it turned out to be something
else. attached I send the stuff I found, it's quite self explanatory.
I've looked at it for a few minutes, it's the slaper code, with some
comments and a shell script
that ghaters info about the box and send's it to an email account at
The ip that is written on the worm resolves to an adsl acount on some ISP,
i guess it is somekind
of target since it would be quite stupid to put your home ip on a worm.
-- http://obfuscated.info :: The light weight of mind..
10Mb na sua caixa de email gratuita no mail.pt http://www.mail.pt
- application/x-gzip-compressed attachment: cinik.tgz