
Re: Fwd: bugtraq.c httpd apache ssl attack

Michael Renzmann <mrenzmann@dylanic.de> writes:

> One thing that makes me wonder: after I wrote my first few lines about
> the attack on the rlx blade server that we experienced, someone gave a
> correct hint to the worm (describing it with some of its actions), and
> also mentioned a URL for the source code of the worm. When looking at
> that source (http://dammit.lt/apache-worm/apache-worm.c) it is quite
> obvious that "our" source is totally different.

The bot is roughly the same, only the exploit is different.

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
