Packetstorm archive warning: 73501867, PHP exploit binary code found to be virus distribution vector for Linux.Jac.8759.

From: Emerson (et@c4i.org)
Date: Sun May 05 2002 - 17:06:07 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

The Packetstorm staff was recently notified that a recent submission
collected in the wild is a distribution vector for the Linux.Jac.8759
virus. We realise that many in the security research community
regularly mirror the site or frequently use it, so a post to the
lists seemed appropriate. The following appears at
http://packetstormsecurity.nl/73501867.html (our Dutch distribution
mirror).

While we make efforts to ensure that we do not mislabel artifacts,
this one appears to have slipped through the process, and we
apologise for the inconvenience this may have caused.

===

On May 5, a file was added to Packet Storm which was found to contain
a Linux virus known as Linux.Jac.8759. The file, 73501867, is an
exploit for PHP in binary form. While not particularly dangerous, it
does infect all ELF binaries in the current directory when run. More
information on this virus can be found here.

The exploit was submitted by a well meaning security researcher who
obtained the binary in the wild.

The PacketStorm Staff apologizes for any inconvenience.
====

Yours sincerely

Emerson Tan

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPNWevliWWi7iPQWtEQKALQCfaw9zizayMLK9QFC5JwZCtOTzDIAAoKaR
ON6KdXqYUC8iCmgcbJ1Qa5Ws
=7Re6
-----END PGP SIGNATURE-----

***
"Printer's ink has been running a race against gunpowder these many, many
years. Ink is handicapped, in a way, because you can blow up a man with
gunpowder in half a second, while it may take twenty years to blow him up
with a book. But the gunpowder destroys itself along with its victim, while
a book can keep on exploding for centuries." --Christopher Morley, "The
Haunted Bookshop"
Emerson Tan
http://www.packetstormsecurity.org
nutter@technologist.com
director@packetstormsecurity.org
PGP public key from http://pgpkeys.mit.edu, or on request
PGP key fingerprint: 7A34 BF8D F7AB A6FC F242 80F9 5896 5A2E E23D 05AD

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


