Re: Fwd: bugtraq.c httpd apache ssl attack
Michael Renzmann <email@example.com> writes:
> One thing that makes me wonder: after I wrote my first few lines about
> the attack on the rlx blade server that we experienced, someone gave a
> correct hint to the worm (describing it with some of its actions), and
> also mentioned a URL for the source code of the worm. When looking at
> that source (http://dammit.lt/apache-worm/apache-worm.c) it is quite
> obviously that "our" source is totally different.
The bot is roughly the same, only the exploit is different.
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898