[Dshield] FW: Apache worm in the wild

Geoff Shively gshively at pivx.com
Sun Jun 30 23:29:53 GMT 2002


Hello Everyone,

Now confirmed, a worm nicknamed 'Scalper' is spreading that exploits the
week old Apache HTTP Server chucked
encoding vulnerability. The new worm was first seen after it attacked a
honeypot in Lithuania hosted by MicroLink. Luckily, the worm has not picked
up much steam yet, so take this opportunity to patch your servers.

PivX Solutions has issued a bulletin which contains programs and patches
that make fixing the hole a bit easier for the less technical of
administrators: http://www.pivx.com/apache_chunk.html#patch1


Thank You,
Geoff Shively
PivX Solutions, LLC



----- Original Message -----
From: "Thomas J. Jablonowski" <tjj at i-boop.com>
To: <list at dshield.org>
Sent: Friday, June 28, 2002 6:14 PM
Subject: RE: [Dshield] FW: Apache worm in the wild


: >From Bugtraq list...
:
: Hi,
:
: no need for further binary analysis, I've got the source in my inbox:
:
: http://dammit.lt/apache-worm/apache-worm.c
:
: Regards,
: Domas Mituzas
: MicroLink Data
:
: -----Original Message-----
: From: Sunil James [mailto:suniljames at hotmail.com]
: Sent: Friday, June 28, 2002 1:44 PM
: To: list at dshield.org
: Subject: [Dshield] FW: Apache worm in the wild
:
: Greetings,
:
: Has anyone seen more information on this?
:
: Thanks,
:
: Sunil
:
: -----Original Message-----
: From: Domas Mituzas [mailto:domas.mituzas at microlink.lt]
: Sent: Friday, June 28, 2002 7:02 AM
: To: freebsd-security at freebsd.org
: Cc: bugtraq at securityfocus.com; os_bsd at konferencijos.lt
: Subject: Apache worm in the wild
:
:
: Hi,
:
: our honeypot systems trapped new apache worm(+trojan) in the wild. It
: traverses through the net, and installs itself on all vulnerable apaches
: it finds. No source code available yet, but I put the binaries into
: public
: place, and more investigation is to be done.
:
: http://dammit.lt/apache-worm/
:
: Regards,
: Domas Mituzas
:
: Central systems @ MicroLink Data
:
: _________________________________________________________________
: Send and receive Hotmail on your mobile device: http://mobile.msn.com
:
: _______________________________________________
: Dshield mailing list
: Dshield at dshield.org
: To change your subscription options (or unsubscribe), see:
: http://www.dshield.org/mailman/listinfo/list
:
: _______________________________________________
: Dshield mailing list
: Dshield at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:




More information about the list mailing list