D&C GLug - Home Page


Re: [LUG] PHP Worm traffic?

 


On 17 Dec 2013, at 16:55, Simon Avery <digdilem@xxxxxxxxx> wrote:



I think this worm has scope to become a major issue still


What's the payload? 

Symantec reports it opens a backdoor to the system (not that a new one was needed), and the system joins in the hunts for other vulnerable systems.

I would say it appears to be a fairly modest payload, but the Symantec article suggests the authors have put a lot of work in to compromise all systems vulnerable to this attack, suggesting to me there is a purpose other than idle curiosity.

On the other hand, it isn't aggressive; an aggressive tool of this type could have owned all vulnerable servers within minutes, which suggests it isn't, say, a state actor with clear intent.
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq