The OpenNET Project / Index page
Bind 8 Exploit - Trojan


Date: Wed, 31 Jan 2001 20:09:33 -0800
From: Matt Lewis <matt@NINJAS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Bind 8 Exploit - Trojan

The Bind 8 Exploit sent to bugtraq users by "nobody@replay.com" is a
Trojan, as I'm sure many have found out at this point.

It attacks dns1.nai.com. I haven't researched it extensively yet; I
wanted to get this out. There are quite possibly other things going on as
well, locally.

I straced it and got odd results; the last time I ran it, it didn't
launch the attack. Shellcode analysis would be required here.

How did this get approved, did anyone test it or review it?

You can see the IP address for dns1.nai.com listed in the shellcode
included with the file. It forks off many copies of itself and violently
attacks NAI's nameserver.

I sent this out hastily, so forgive any mistakes made beyond the
original observation of the attack.

-Matt Lewis
