[clue-tech] Lupper worm.
David L. Anselmi
anselmi at anselmi.us
Fri Nov 11 15:33:46 MST 2005
I see from the folks at SANS that the Lupper worm is spreading on Linux
systems. Here's one link:
http://isc.sans.org/diary.php?storyid=823
Oh hey, says I, maybe that's where these 404s that logwatch tells me
about are coming from:
/awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 3 Time(s)
/blog/xmlrpc.php: 3 Time(s)
/phpgroupware/xmlrpc.php: 3 Time(s)
[et. al.]
Seems interesting that I've been seeing these for a while (and guessed
they were a PHP worm) before hearing about it. Not that I try very hard
to get told when new worms come out. Also interesting that these PHP
apps are popular enough for me to notice traffic from a worm going after
them.
'Course you'd think that PHP is new enough that they'd have avoided
having so many security holes, but I thought that about BIND 9 too...
Dave
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list