('binary' encoding is not supported, stored as-is) hi folks..
I was meddling in a friend's box when I came across a weird file in /tmp
with apache perms. I thought it was a exploit to obtain root since the
machine was vuln to the openssl problem, but it turned out to be something
else. attached I send the stuff I found, it's quite self explanatory.
I've looked at it for a few minutes, it's the slaper code, with some
comments and a shell script
that ghaters info about the box and send's it to an email account at
yahoo.com .
The ip that is written on the worm resolves to an adsl acount on some ISP,
i guess it is somekind
of target since it would be quite stupid to put your home ip on a worm.

regards,
cray

-- 
-- http://obfuscated.info :: The light weight of mind.. 
10Mb na sua caixa de email gratuita no mail.pt
http://www.mail.pt

• application/x-gzip-compressed attachment: cinik.tgz

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]