New version of the phpBB worm that successfully works against a patched phpBB 2.0.11. The scripts in this tarball are the worm itself and the bot that is installed.
16b732162c823b5b45b96caf698d1e229ba187473030bd0dc6a87b8f4118faa4
Perl script exploit extracted from the phpBB worm. This code attempts to deface HTML files found on a target machine and attempts to use Google to find more machines to attack.
edf382ee4d44601d99afea7f3daf8a668b6e92cd119c8b50c7f608dac2f3d77e
YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.
7e6984fccde306c2f649f0627392e68c07a024c68890ca592cab12d581e626a8
Brief analysis on the Symb/Cabir-B worm that was written specifically for the Nokia Series 60 mobile phones running the Symbian operating system.
d88a99b49aac9da3d26fb558eb119b553a9571fe97443460ff28b76b9d69d758
Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.
c523a041b3bc82189566ff9554e40f8715e7d4a5d1e9058a5fbee8335170bea2
YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.
25c390845dd9bb2a1591abc2a0e3226d7def927158aae2a67bbe6ae794597199
YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.
a319dc7f4d6c4eb2f5bd80cdd3bd8043510faa6415e933db411d6965d406c3ca
Pop 3 scan is a full transparent proxy server for POP3 clients. It runs on a Linux box with iptables (for port redirection). It can be used to provide POP3 email scanning from the Internet to any internal network, and is ideal for helping to protect your Other OS LAN from harm, especially when used in conjunction with a firewall and other Internet proxy servers. It is designed to enable scanning of incoming email messages for viruses, worms, trojans, spam, and harmful attachments. Because viewing HTML email can enable a spammer to validate an email address (via Web bugs), it can also provide HTML stripping.
0a48ed875b165c0e893fa7082fc50f2adaf79df54dd4623c4a8e398ebb08da0f
Email Security through Procmail 1.145 - Email Security through Procmail attempts to address the trend towards "enhancing" email clients with support for active content, which exposes end-users to many and varied threats, by "sanitizing" email: removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided.
2d0f4c664d863c657f61f9af6748a8a19a9a63c5b00ade35407079c438ec548c
An analysis of the Klez worm listing all the steps that it takes.
f2c65ec510c5523d748d5d277a63219df67263954663d1d20fdfc5ad9b1abcfc
vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.
8ccf4c09583f75d4470ccf6960421588913866604303e286ad78dcd7ea17bbfd
vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.
153f4f33f318d3141ce68d6b21c2a4d19c425bdc02bffd0fceffe0f0c762791a
Remote exploit for the Sasser worm ftpd server that spawns on port 5554. Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.
fe6e7139ffe5455305da5e52b63eeb8d4a419766258966ceb2ef0016e7cbe63e
YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.
0a2020f64ffde3521d3a9272c239b92de70d8076b994b5aa964249061e2942fe
Snort signatures that identify the new Sass worm that is propagating.
b69ecb8046fb28e2ec5770410354925379943778ef8847ca1a3d9898bd74f9bc
White-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far greater than worms targeting commercial infrastructure.
749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98
Tclworm.tcl is a worm coded in TCL/Expect which exploits easily guessed passwords.
0c9228c982c7b924b7ccb6422167e490a8ec9d7bbd96d8253170385626c0bcf4
CERT Advisory CA-2003-20 - CERT announces that the exploitation of the RPC/DCOM vulnerability on Windows has now taken the form of a worm known as the W32/Blaster worm. This worm retrieves a binary that is then used to launch further attacks and is poised to launch a denial of service against windowsupdate.com.
d0e25a4a85c54bd50ad5e142ccb2f76e9828730a435bc2804f3ba2ff79e33d2a
Information regarding one variant of the Microsoft Windows DCOM worm that is circulating around the Internet.
59735ded0ae61947b297bce4cc8893aacbe08a99ba65ee013fdc60b7b6f1617c
Possibly one of many DCOM scanners/worms in circulation. Makes use of the 48 target exploit.
50eaf8d03dedab5be875488d96d74ce540febb02a673e0a877588e4ee2238a75
Quick analysis of the Mindjail worm being distributed by the trojan sdbot 0.5b.
26ebc9f01fd758864df70c938ca2efe7b474be66d6b56fa845180199b9dcda51
This utility scans a class C or B network for hosts infected with the Code Red II worm. It does this by checking for the presence of /scripts/root.exe which is the backdoor Code Red II leaves behind.
9d7ac64116e321ee9ad184ad22c7d68ea6e8821fb7ce10daf672883ea8effbea
CERT Advisory CA-2003-04 - A quickly spreading Microsoft SQL worm exploits two vulnerabilities in Microsoft SQL Server 2000 over UDP port 1434.
2156045bc493481a21bb196558ebda1f8230f899a20b3be2226698ea91039e55
eEye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the Internet which are accessible over UDP port 1434. Includes a detailed analysis of the worm's payload.
1fd78f476cf00ccc0de6101ec49913f97a341524cce0732945250de296f1ea4c
ISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication. This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow (CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly select a new target, and resend the exploit and propagation code to that host.
3a77fcd92ec00163f9ca845cd4c731f4b077b50ac1f7c0901d732242725f76d2