Date: Fri, 28 Jun 2002 12:31:34 -0400
To: flynn@energyhq.homeip.net
From: Mike Tancsa
Subject: Re: Apache worm in the wild
Cc: freebsd-security@FreeBSD.ORG

At 01:38 PM 28/06/2002 +0200, flynn@energyhq.homeip.net wrote:
>On Fri, Jun 28, 2002 at 01:01:32PM +0200, Domas Mituzas wrote:
>
>Hi,
>
> > our honeypot systems trapped new apache worm(+trojan) in the wild. It
> > traverses through the net, and installs itself on all vulnerable apaches
> > it finds. No source code available yet, but I put the binaries into public
>
>Wow, an interesting puppy. I just ran it through dasm to get the
>assembler dump. The executable is not even stripped, and makes an

Hi,
Is this aimed at all OSes or just FreeBSD?
---Mike