exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 177 RSS Feed

Worm Files

phpbbworm2.tgz
Posted Dec 31, 2004
Authored by Herman Sheremetyev

New version of the phpBB worm that successfully works against a patched phpBB 2.0.11. The scripts in this tarball are the worm itself and the bot that is installed.

tags | exploit, worm
SHA-256 | 16b732162c823b5b45b96caf698d1e229ba187473030bd0dc6a87b8f4118faa4
exploitphpbb.zip
Posted Dec 31, 2004

Perl script exploit extracted from the phpBB worm. This code attempts to deface htmls found on a target machine and attempts to use google to find more machines to attack.

tags | exploit, worm, perl
SHA-256 | edf382ee4d44601d99afea7f3daf8a668b6e92cd119c8b50c7f608dac2f3d77e
nkvir-2129b.gz
Posted Dec 12, 2004
Authored by nikant | Site agriroot.aua.gr

YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.

Changes: Added various virus signatures.
tags | worm
systems | unix
SHA-256 | 7e6984fccde306c2f649f0627392e68c07a024c68890ca592cab12d581e626a8
symbian.txt
Posted Dec 11, 2004
Authored by Geza

Brief analysis on the Symb/Cabir-B worm that was written specifically for the Nokia Series 60 mobile phones running the Symbian operating system.

tags | paper, worm
SHA-256 | d88a99b49aac9da3d26fb558eb119b553a9571fe97443460ff28b76b9d69d758
bofra_overview.txt
Posted Nov 20, 2004
Authored by Bryan Burns

Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.

tags | paper, worm, virus
SHA-256 | c523a041b3bc82189566ff9554e40f8715e7d4a5d1e9058a5fbee8335170bea2
nkvir-2127.tgz
Posted Nov 1, 2004
Authored by nikant | Site agriroot.aua.gr

YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.

Changes: Added various virus signatures.
tags | worm
systems | unix
SHA-256 | 25c390845dd9bb2a1591abc2a0e3226d7def927158aae2a67bbe6ae794597199
nkvir-rc.gz
Posted Sep 30, 2004
Authored by nikant | Site agriroot.aua.gr

YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.

Changes: Added various virus signatures.
tags | worm
systems | unix
SHA-256 | a319dc7f4d6c4eb2f5bd80cdd3bd8043510faa6415e933db411d6965d406c3ca
p3scan-1.0.tar.gz
Posted Sep 21, 2004
Authored by laitcg | Site p3scan.sourceforge.net

Pop 3 scan is a full transparent proxy server for POP3 clients. It runs on a Linux box with iptables (for port redirection). It can be used to provide POP3 email scanning from the Internet to any internal network, and is ideal for helping to protect your Other OS LAN from harm, especially when used in conjunction with a firewall and other Internet proxy servers. It is designed to enable scanning of incoming email messages for viruses, worms, trojans, spam, and harmful attachments. Because viewing HTML email can enable a spammer to validate an email address (via Web bugs), it can also provide HTML stripping.

tags | worm, web, trojan
systems | linux, unix
SHA-256 | 0a48ed875b165c0e893fa7082fc50f2adaf79df54dd4623c4a8e398ebb08da0f
html-trap.procmail.1.145.gz
Posted Sep 21, 2004
Authored by John Hardin | Site impsec.org

Email Security through Procmail 1.145 - Email Security through Procmail attempts to address the trend towards "enhancing" email clients with support for active content, which exposes end-users to many and varied threats, by "sanitizing" email: removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided.

Changes: Various bug fixes.
tags | worm, trojan
systems | unix
SHA-256 | 2d0f4c664d863c657f61f9af6748a8a19a9a63c5b00ade35407079c438ec548c
klezanalysis.txt
Posted Aug 31, 2004
Authored by Klemster, indiasec | Site indiasec.com

An analysis of the Klez worm listing all the steps that it takes.

tags | worm
SHA-256 | f2c65ec510c5523d748d5d277a63219df67263954663d1d20fdfc5ad9b1abcfc
vthrottle-0.54.tar.gz
Posted Jun 8, 2004
Authored by Jose Nazario | Site monkey.org

vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.

Changes: Miscellaneous updates.
tags | worm
systems | unix
SHA-256 | 8ccf4c09583f75d4470ccf6960421588913866604303e286ad78dcd7ea17bbfd
vthrottle-0.53.tar.gz
Posted Jun 3, 2004
Authored by Jose Nazario | Site monkey.org

vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.

tags | worm
systems | unix
SHA-256 | 153f4f33f318d3141ce68d6b21c2a4d19c425bdc02bffd0fceffe0f0c762791a
sasserftpd.c
Posted May 11, 2004
Authored by mandragore

Remote exploit for the Sasser worm ftpd server that spawns on port 5554.Targets included for Windows XP and 2000. Note: To use this against Sasser.e, change the port to 1023.

tags | exploit, worm, remote
systems | windows
advisories | CVE-2003-0533
SHA-256 | fe6e7139ffe5455305da5e52b63eeb8d4a419766258966ceb2ef0016e7cbe63e
nkvir-rc
Posted May 9, 2004
Authored by nikant | Site agriroot.aua.gr

YAVR, or Yet Another antiVirus Recipe, is a procmail recipe that helps filter out many of the common e-mail worms and viruses.

tags | worm
systems | unix
SHA-256 | 0a2020f64ffde3521d3a9272c239b92de70d8076b994b5aa964249061e2942fe
sass.snort.txt
Posted May 4, 2004
Authored by Martin Overton

Snort signatures that identify the new Sass worm that is propagating.

tags | tool, worm, sniffer
SHA-256 | b69ecb8046fb28e2ec5770410354925379943778ef8847ca1a3d9898bd74f9bc
Application_Worms.pdf
Posted Mar 30, 2004
Site imperva.com

White-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far great than worms targeting commercial infrastructure.

tags | paper, worm, web
SHA-256 | 749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98
tclworm.tcl
Posted Dec 16, 2003
Authored by sirius_black | Site membres.lycos.fr

Tclworm.tcl is a worm coded in TCL/Expect which exploits easily guessed passwords.

tags | worm
SHA-256 | 0c9228c982c7b924b7ccb6422167e490a8ec9d7bbd96d8253170385626c0bcf4
CA-2003-20.blaster.txt
Posted Aug 12, 2003
Site cert.org

CERT Advisory CA-2003-20 - CERT announces that the exploitation of the RPC/DCOM vulnerability on Windows has now taken the form of a worm known as the W32/Blaster worm. This worm retrieves a binary that is then used to launch further attacks and is poised to launch a denial of service against windowsupdate.com.

tags | advisory, worm, denial of service
systems | windows
SHA-256 | d0e25a4a85c54bd50ad5e142ccb2f76e9828730a435bc2804f3ba2ff79e33d2a
dcomworm.txt
Posted Aug 12, 2003
Authored by Sylvain Descoteaux

Information regarding one variant of the Microsoft Windows DCOM worm that is circulating around the Internet.

tags | advisory, worm
systems | windows
SHA-256 | 59735ded0ae61947b297bce4cc8893aacbe08a99ba65ee013fdc60b7b6f1617c
dcomworm.zip
Posted Aug 5, 2003
Authored by Legion2000 | Site legion2000.tk

Possibly one of many DCOM scanners/worms in circulation. Makes use of the 48 target exploit.

tags | exploit, worm
SHA-256 | 50eaf8d03dedab5be875488d96d74ce540febb02a673e0a877588e4ee2238a75
mindjail.txt
Posted Jul 6, 2003
Authored by sloth | Site nopninjas.com

Quick analysis of the Mindjail worm being distributed by the trojan sdbot 0.5b.

tags | worm, trojan
SHA-256 | 26ebc9f01fd758864df70c938ca2efe7b474be66d6b56fa845180199b9dcda51
FendIIS.pl
Posted Apr 30, 2003
Authored by Matt 'Zola' Stevens | Site zola.org.uk

This utility scans a class C or B network for hosts infected with the Code Red II worm. It does this by checking for the presence of /scripts/root.exe which is the backdoor Code Red II leaves behind.

tags | tool, worm, root, scanner
systems | unix
SHA-256 | 9d7ac64116e321ee9ad184ad22c7d68ea6e8821fb7ce10daf672883ea8effbea
CA-2003-04.mssql.worm
Posted Jan 26, 2003
Site cert.org

CERT Advisory CA-2003-04 - A quickly spreading Microsoft SQL worm exploits two vulnerabilities in Microsoft SQL Server 2000 over udp port 1434.

tags | worm, udp, vulnerability
SHA-256 | 2156045bc493481a21bb196558ebda1f8230f899a20b3be2226698ea91039e55
eeye.sql-worm.txt
Posted Jan 25, 2003
Authored by Riley Hassell | Site eEye.com

Eeye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the internet with are accessible over port 1434 udp. Includes a detailed analysis of the worms payload.

tags | worm, udp
SHA-256 | 1fd78f476cf00ccc0de6101ec49913f97a341524cce0732945250de296f1ea4c
Internet Security systems Security Alert January 25, 2003
Posted Jan 25, 2003
Site xforce.iss.net

ISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication. This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow (CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly select a new target, and resend the exploit and propagation code to that host.

tags | worm
advisories | CVE-2002-0649
SHA-256 | 3a77fcd92ec00163f9ca845cd4c731f4b077b50ac1f7c0901d732242725f76d2
Page 4 of 8
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close