[clue-tech] php
Mike Staver
staver at fimble.com
Mon Dec 20 12:59:26 MST 2004
Sigh. I've been hit by a worm that takes advantage of the fact that
Whitebox Linux does not have an updated php package available.
NeverEverNoSanity WebWorm generation 9
Every php file on my webserver has now been replaced by:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>This site is defaced!!!</TITLE>
</HEAD><BODY bgcolor="#000000" text="#FF0000">
<H1>This site is defaced!!!</H1>
<HR>
<ADDRESS><b>NeverEverNoSanity WebWorm generation 9.</b></ADDRESS>
</BODY></HTML>
I can't find any info on this worm, so I shut down apache on my server
until I can find an updated php rpm. I ran the latest chkrootkit, but
it didn't find anything - but then again, this worm appears to be very
new since Google doesn't contain any search results for it yet.
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
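
Added example, not part of the original post: a triage scan that lists which files under a web root now contain the defacement marker quoted in the message, and the modification-time window of those files for matching against web server logs. The function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Marker string copied from the defacement page quoted in the post.
MARKER = b"NeverEverNoSanity WebWorm generation"

def triage_webroot(root, marker=MARKER, suffixes=(".php",)):
    """Walk root and sort matching files into defaced, intact, unreadable.

    "window" is the (earliest, latest) mtime of the defaced files, which
    bounds when the overwrite happened.
    """
    defaced, intact, unreadable, mtimes = [], [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # the replacement page is tiny
                mtime = os.stat(path).st_mtime
            except OSError:
                unreadable.append(path)  # report it, do not abort the scan
                continue
            if marker in head:
                defaced.append(path)
                mtimes.append(mtime)
            else:
                intact.append(path)
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"defaced": sorted(defaced), "intact": sorted(intact),
            "unreadable": sorted(unreadable), "window": window}

def format_window(window):
    """Render the mtime window as UTC ISO timestamps for a report."""
    if window is None:
        return "no defaced files found"
    lo, hi = (datetime.fromtimestamp(t, timezone.utc).isoformat() for t in window)
    return f"{lo} .. {hi}"

if __name__ == "__main__":
    # Constructed sample tree, not data from the original post.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<ADDRESS><b>" + MARKER + b" 9.</b></ADDRESS>")
        with open(os.path.join(root, "contact.php"), "wb") as fh:
            fh.write(b"<?php echo 'hello'; ?>")
        result = triage_webroot(root)
        print(result["defaced"], format_window(result["window"]))
```

Files listed as intact still need checking against a known-good copy, since the scan only recognises this one marker.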