News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christopher Kunz's Blog:
Mambo worm in the wild
December 06, 2005 @ 06:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the site...

1 comment voice your opinion now!
mambo worm wild elxbot mambo worm wild elxbot

blog comments powered by Disqus

Similar Posts

Christopher Kunz\'s Blog: Mambo worm in the wild

Community News: Mambo Foundation Podcasts

Community News: Mambo Lead Developer Quits

The Bakery: Mambo, Layout Switching, SimplePie and Caching Elements

Christopher Kunz\'s Blog: Mambo worm in the wild

Community Events

Don't see your event here?
Let us know!

laravel project composer series part2 interview api list opinion podcast yii2 programming introduction framework symfony php7 example application language community

All content copyright, 2015 :: - Powered by the Solar PHP Framework