Email Security through Procmail 1.137 - Email Security through Procmail attempts to address the trend towards "enhancing" email clients with support for active content, which exposes end-users to many and varied threats, by "sanitizing" email: removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided.
5835b37fa391d7f8b9c86f8d02e7ae80e677ffe9aa99a75bb00380be8f5fb085Netbios Worm v1.0 is a simple program which shows how a worm can spread across netbios shares.
5537a2f48a21330e64b052695d14ffa0b6b83bfeb27f1a5920b8dbc6e6617e57CERT Quarterly Summary CS-2002-04 - Popular vulnerabilities being exploited by attackers these days include an Apache/mod_ssl worm, OpenSSL bugs, Trojan horse sendmail, libpcap, and tcpdump, multiple BIND bugs, and a heap overflow in Microsoft MDAC.
9533ea880a378b11d111894d5f2c202e138383a35bb1203499c902284363b2eeTwo modified versions of the slapper worm exploit made more user-friendly with simple interaction to define what host and port will be hit with the exploit.
33f0ab9cc7a39a816dbc6dddc8b1952feeb6871f5ad68e60decab4626431eb7cSOFFIC is a Linux kernel patch for kernel 2.4.18 that provides file integrity control integrated into the normal system operation, on-the-fly. It checks a file's integrity each time a monitored file is opened for reading or execution, and issues a warning if it is found to be invalid. It protects against rootkits, backdoors, worms, viruses, Web defacement, unauthorized installation and use of new software, and much more.
e082f3f9067f915031f89bfada0020dfaee0f295ebeb36bbe6ab687a39530944SOFFIC is a Linux kernel patch for kernel 2.4.18 that provides file integrity control integrated into the normal system operation, on-the-fly. It checks a file's integrity each time a monitored file is opened for reading or execution, and issues a warning if it is found to be invalid. It protects against rootkits, backdoors, worms, viruses, Web defacement, unauthorized installation and use of new software, and much more.
05c175a604896782e0fcbcd14dc4dd9717f3a58ec9ab6bcd61c01732daafaeadThis is a modified version of the Slapper worm and was recovered from a compromised machine. Modifications to the worm let it mail system information, such as the ip address and processor type, to a Yahoo! email address. No other changes where made.
d871493127f042e44746b0d6678a391feb86eed4b2f5224af756399b4ec22188This exploit abuses the KEY_ARG buffer overflow that exists in SSL enabled Apache web servers that are compiled with OpenSSL versions prior to 0.9.6e. The apache-ssl-bug.c exploit is based on the Slapper worm (bugtraq.c), which is based on a early version of the apache-open-ssl exploit.
436090b56a7078c33d435bf10253452623305a3c47e6e5c7f13c05a10118fd8dSOFFIC is a Linux kernel patch for kernel 2.4.18 that provides file integrity control integrated into the normal system operation, on-the-fly. It checks a file's integrity each time a monitored file is opened for reading or execution, and issues a warning if it is found to be invalid. It protects against rootkits, backdoors, worms, viruses, Web defacement, unauthorized installation and use of new software, and much more.
2063dc3d456ab6d0c6bcea1d44e61d352a87fc81ffa3f80061768a5feeeb91a7Apache OpenSSL handshake exploit for Linux/x86, from a circulating Apache worm. Spawns a nobody shell on tcp port 30464. Includes targets for most recent distributions.
d556b921afa65987fbfce40ecaf730bfb6ad9fb761d32e4aaff71b95149502ebFreeBSD Apache exploit based on apache-worm.c. Affects FreeBSD 4.5 Apache 1.3.20-24. Sends a nobody shell to TCP port 30464. This is a fixed version - Prior versions were broken.
f406bf2bf696f6639b1cc39d57ebe81efe602557b5527375dfa26c0efe708046Linux Slapper Worm - This file contains the binaries and source code for the current Apache worm which affects multiple versions of Linux. It exploits an OpenSSL buffer overflow to run a shell on the remote system and also contains the ability to perform a DDoS attack. These files were found in the wild from machines that had been compromised.
d3ec4e9ec583742751a572f26d177d723e381fbc16fa7071657472887becb4abCert Advisory CA-2002-27 - Linux systems running Apache with mod_ssl accessing SSLv2-enabled OpenSSL 0.9.6d or earlier on Intel x86 architectures are being automatically exploited by a worm which takes advantage of VU#102795 in OpenSSL. The worm scans for vulnerable systems on port 80, then sends exploit code over port 443. The worm also functions as a ddos network which communicates over TCP port 2002. Infected systems can be identified by the presence of /tmp/.bugtraq.c. Fix available here.
eab54007a6d2d6de6fd9dbc5ac0556c2d08bc495727db543468bf1eeac50eabbC source for the Internet Worm.
5f04b972289d78bce39a89422a166dc5510aac2fac47f8d450267c05590c6f4eA report on the internet worm dated November 7,
e178dc8d5c92892e372d34202c18c471a4aac8204dd43d6586655b35345704e6A text on the famous internet worm and the guy
afa39a9760405916c858cb5d59fb655636e8a1996d513a5e5b09ef0572337eadBigeye is a network utility dump that can be run in multiple modes - sniffer, logging connections, and even emulating protocols such as HTTP or FTP. The main focus of this program is to create an emulative service that would fool hackers/worms into thinking that they're exploiting a real service, but in fact, they're trying to exploit a fake service. The services currently available are ftp or http. Useful for honeypots.
539835fe1b31923f09bb295a5f862a421092758644cc95c5c8832c043cfe9635Apache-worm.c is an Internet worm based on the GOBBLES exploit for the Apache chunked encoding vulnerability. Affects FreeBSD 4.5 Apache 1.3.20-24.
7e8cfc693a27e75dad94cb2914b20571a773e114f787a941165fde8b56adc689Worms.pl is a script which checks apache log files for nimda and code red attempts.
27b82000f96e554f583c9807319cbd35af6c79b1a88f62f13b25cc0fe8e76f53"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on a infected computer. It begins very simple to build up to some ideas that are quite complex. Includes example source code written in Perl.
007cc93f8790a53659368914af4edfb50070e6df7bd9611be2379803052a050fRemotely detects and cleans binaries infected with the RST worm.
f572b0c5d049cab7ad21b761b97da40f1a2a16317df8dc03d078394a7337014dRootscanner.pl is a scanner to find root.exe, the backdoor left by the code red II worm. Takes a starting and ending IP as input.
21cbf680c0db7d3768a2e3451a2b47859affe8f26026c6864f0328fa8b512f66The Code Red worm is likely to start spreading again on July 31, 2001 at 8:00 EDT. All IIS 4 and 5 users MUST upgrade immediately! Fix for NT 4.0 available here.
6c9c02a04bec8e369b5d9d6a559029473f1a46e95779d6c1759e5299505cb94cCERT Quarterly Summary for May, 2001. Since the last regularly scheduled CERT summary, issued in February 2001 (CS-2001-01), we have seen a significant increase in reconnaissance activity, a number of self-propagating worms, and active exploitation of vulnerabilities in snmpxdmid, BIND and IIS by intruders.
4a4c69c74f9f9dfbf99e62d106c6b336a191d5792a093ca4b01aa1079a25f3c2Cert Advisory CA-2001-11 - A worm which uses the sadmind overflow and the IIS unicode bug is propagating on the internet. Solaris systems compromised by this worm are being used to scan and compromise other Solaris and IIS systems. IIS systems compromised by this worm can suffer modified web content.
b7fd1b3c4d68118378d002763085fde45537233ded7492d3360c662fb0f27415
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed