Another Debian server security breach

Friday, September 8th, 2006

According to this story, there has been another compromise of a Debian project server. (Is this the third in the last year?)… the Alioth webserver was offline most of the 5th of September… It was simply stopped because we discovered that some script kiddies were running an IRC proxy. After thorough investigation, we discovered that [...]

The Great Cyberwar

Thursday, June 8th, 2006

It went unnoticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start. Let’s see, back in the day there were some that sent out messages to other people’s computers and even when people tried to stop getting the messages [...]

x11vnc slow internet initial-connection performance – identd timeout

Tuesday, June 6th, 2006

So, I had the script all ready, I’ve got my x11vnc custom compiled to be as widely compatible as possible, I’ve tested thoroughly on the internal network. The next step was to test my x11vnc “one cut and paste” script over the internet. So, I visited my parents’ PC which dual-boots Windows XP and Mandrake [...]

AIM worm

Friday, January 6th, 2006

Strange AIM worm going around. It apparently includes an interesting combination of rootkits, a rootkit detector, spyware/adware, and a specialized BitTorrent client. The machines can then be controlled through IRC. Source seems to be the Middle East… IM hackers then control a global botnet where their infections can be tested and payloads are pushed. Facetime [...]

Another trojan using WMF exploit in SPAM

Wednesday, January 4th, 2006

F-Secure is reporting on another SPAM attack that tries to get people to click on a link to a site with an exploit-crafted WMF file. The message is along the lines of a claimed Professor at Yale announcing the unfortunate vandalism over the New Year holiday; the link purports to be pictures of the act [...]

Linux php-exploit bot

Friday, December 23rd, 2005

writes to remind us that bots aren’t just for Windows. The recent PHP exploits have seen the use of the “kaiten” bot. After infection on the system it connects to an IRC server. It would primarily target Linux systems. They do give a very good way to blunt most Linux bot-style malware… [...]

Sony BMG is still having a bad week….

Thursday, November 10th, 2005

Unfortunately a LOT of people that have bought Sony-BMG CDs (or borrowed, whatever…) are going to have some headaches too. Buy stock in Tylenol or Aleve or something…. anyway… here’s today’s roundup of Sony Rootkit news. Including a virus borrowing the gift of SONY… First up is some “backstory” that reminds us of Sony’s attitudes [...]

Phpbb include vulnerability scanning

Wednesday, November 9th, 2005

is reporting scanning for phpBB include vulnerabilities through Google. Apparently there is an IRC botnet being “cultivated”. They are scanning for versions of phpBB prior to 2.0.10; the current release is 2.0.18. The new IRC bot scans for vulnerable systems using Google; when successful, it announces that “oopz and sirh0t and Aleks g0t pwned [...]

A virus writer talks….

Monday, August 29th, 2005

Along the lines of “Wishlist of Spyware Slime” that I referred to last week, it appears there’s a chat transcript out from before the arrest of the suspected writer of the Mytob and Zotob worms. The security fix has the details.

Esbot and Zotob updates….

Wednesday, August 17th, 2005

Wednesday afternoon and Esbot is up to revision .B, Zotob is up to G according to Sarc (Symantec antivirus research). They have appropriate removal tools and details on affected systems there. Meanwhile the SANS Institute has a rundown of the latest in today’s handlers diary.

