Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christopher Kunz's Blog:
Mambo worm in the wild
Dec 06, 2005 @ 12:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the Outpost24.com site...

tagged: mambo worm wild elxbot mambo worm wild elxbot

Link:

Christopher Kunz's Blog:
Mambo worm in the wild
Dec 06, 2005 @ 12:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the Outpost24.com site...

tagged: mambo worm wild elxbot mambo worm wild elxbot

Link:


Trending Topics: