North American Network Operators Group


Re: Sanity worm defaces websites using php bug

  • From: Gadi Evron
  • Date: Tue Dec 21 16:23:10 2004

cw wrote:
> Does anyone have any more detail on exactly what this thing does after it gets into a system?
Check *any* AV web site.

> The cgi platform for a company I use has been hit and the effect is not just limited to phpBB, it seems to get into the server and then go through everything it can write to..
Naturally. This can teach you a few lessons, ranging from, but not limited to:
1. Using packages that have a higher rate of disclosed vulnerabilities than....
2. Using packages that demand certain privileges.
3. Not limiting privileges.
4. Not patching.

> I lost a copy of UBB to this worm even though I don't run phpBB off the same vhost.
>
> Gonna be a nightmare for server ops to ensure that all client copies of phpBB are patched..
It shouldn't be a nightmare for people to do proper patching, especially when it is not a client application at all (I got what you meant..).

A few months ago I heard and later made a joke about creating a random program that will build fake PHP application advisories and email them to bugtraq daily. That's pretty much what it looks like today, as it is.

This worm is finite, it won't last virtually forever like some other worms. I haven't looked at it yet, but my bet would be most of its harm is overhead of wasted traffic.

Gadi.