News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christopher Kunz's Blog:
Mambo worm in the wild
December 06, 2005 @ 06:50:24

According to this post on Christopher Kunz today, there's a Mambo-targeted worm out "in the wild" called Elxbot.

Well, it wasn't totally unexpected, I guess. The recently discovered remote code execution hole in Mambo has spawned a nifty little worm, called "Elxbot". I actually referred to the (then still fairly unknown) vulnerability and to the possibility that it might be abused by worm writers in my talk at the last PHP Conference.

I am already expecting a similar outbreak for the PHPKIT holes I recently reported. It has all of the features that I outlined above, although the install base is probably somewhat limited to german users (and there, mainly to gaming clans). Seeing this, I didn't actually publish a PoC for the remote code execution hole, but it is somewhat trivial to find and exploit anyway.

The worm itself searches Google for available targets, infects the system, and connects to an IRC server where the controlling party is waiting. From there things like arbitrary command execution, TCP floods, HTTP floods, and Portscans can be made. For complete information, check out this page on the Outpost24.com site...

1 comment voice your opinion now!
mambo worm wild elxbot mambo worm wild elxbot



Community Events





Don't see your event here?
Let us know!


podcast opinion update tips list package install library community symfony api interview release deployment zendserver series framework introduction laravel language

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework