Rumors of another new worm surfacing.

Topic: Computer Security 7:30 pm EST, Jan 24, 2008

Lots of juicy, juicy in this one, but there's something about it that smells funny.

A server compromise trend has been recently reported targeting multiple hosting platforms. Red Hat Enterprise Linux & CentOS 4/5 and Fedora Core 5/6 are the most common targets. This compromise is not believed to be specific to cPanel software. This issue has been seen on systems running a variety of control panels. There are still many unknown details regarding this exploit. It has been established that this compromise requires super user privileges. It is common to see a short but successful root login via ssh 5-10 minutes before the compromise occurs. The initial entry point is not confirmed at this time.

So basically, the people too stupid to pick a decent root password are getting exploited... nothing much new here... kind of hard to take over the Internet with unimportant machines that no one puts much importance into and that don't attract many pageviews.

This isn't always the case in older variants of the rootkit. To be certain your server isn't compromised, it's best to sniff packets for a brief 3-5 minute period. You can do this using the command below:

tcpdump -nAs 2048 src port 80 | grep "[a-zA-Z]\{5\}\.js'"

...alternatively, you could simply find an exploitable bug in tcpdump or grep and encourage many thousands of people around the world to run those binaries for several minutes on their really important, high page-view sites while you madly scan thousands of prospective target webhosts with your other botnet of more easily exploited machines.

Exploitable bugs in tcpdump you say? No... that's never happened before.
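
An added example, not from the advisory or from this post: the advisory's pattern applied offline to text saved from the tcpdump command above, grouped by server and client address. The grep expression also matches the tail of longer names such as jquery.js', so the script separates those from names whose whole basename is five letters (treating only the latter as interesting is an assumption); the sample lines and the name qwxzv.js are constructed.

```python
import re
from collections import defaultdict

# Header line of `tcpdump -n` text output: time, "IP", src.port > dst.port:
HEADER = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP (\S+)\.(\d+) > (\S+)\.(\d+):")
# Same expression as the grep in the advisory, with the name captured.
GREP_EQUIV = re.compile(r"([a-zA-Z]{5}\.js)'")
# Assumption: only a basename of exactly five letters is of interest,
# so the match must not be preceded by another file-name character.
EXACT = re.compile(r"(?<![a-zA-Z0-9_.\-])([a-zA-Z]{5}\.js)'")

def scan_dump(lines):
    """Return {(server, client): {"exact": set, "tail_only": set}}."""
    hits = defaultdict(lambda: {"exact": set(), "tail_only": set()})
    flow = None
    for line in lines:
        m = HEADER.match(line)
        if m:
            src, sport, dst, _dport = m.groups()
            # Mirror the capture filter "src port 80".
            flow = (src, dst) if sport == "80" else None
            continue
        if flow is None:
            continue
        loose = set(GREP_EQUIV.findall(line))
        if not loose:
            continue
        exact = set(EXACT.findall(line))
        hits[flow]["exact"] |= exact
        # Names the grep would print that are only tails of longer names.
        hits[flow]["tail_only"] |= loose - exact
    return dict(hits)

# Constructed sample in the shape of `tcpdump -nA` output (documentation IPs).
SAMPLE = """\
19:30:01.000001 IP 192.0.2.10.80 > 198.51.100.7.51234: Flags [P.], seq 1:200, ack 1, win 229, length 199: HTTP: HTTP/1.1 200 OK
E.....@.@.....HTTP/1.1 200 OK
<script src='/js/jquery.js'></script>
<script src='/qwxzv.js'></script>
19:30:01.000200 IP 198.51.100.7.51234 > 192.0.2.10.80: Flags [.], ack 200, win 229, length 0
19:30:02.000001 IP 192.0.2.10.80 > 203.0.113.9.40000: Flags [P.], seq 1:90, ack 1, win 229, length 89: HTTP: HTTP/1.1 200 OK
<script src='/static/jquery.js'></script>
""".splitlines()

if __name__ == "__main__":
    for (server, client), found in scan_dump(SAMPLE).items():
        print(server, "->", client, "exact:", sorted(found["exact"]),
              "tail only:", sorted(found["tail_only"]))
```
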
