Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-04-02 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

More agobot/phatbot/polybot variants, cPanel resetpass exploit

Published: 2004-04-02
Last Updated: 2004-04-03 01:47:21 UTC
by Jim Clausing (Version: 1)
0 comment(s)
More agobot/phatbot/polybot variants

We've received e-mail today of several sites reporting infections of machines that are apparently current on patches and running current anti-virus signatures that have been infected with what appear to be agobot/phatbot/polybot variants. We're still awaiting more detailed forensic examination of the infected machines.



cPanel resetpass exploit

We also received e-mail today from an individual who has captured evidence of attempts to exploit the cPanel resetpass vulnerability described at

http://archives.neohapsis.com/archives/bugtraq/2004-03/0116.html
http://xforce.iss.net/xforce/xfdb/15443

in order to propagate a bot of some sort.


---------------------------------

Jim Clausing
Keywords:
0 comment(s)
Diary Archives