
SANS ISC: InfoSec Handlers Diary Blog



Reports of Attacks against EXIM vulnerability

Published: 2010-12-17
Last Updated: 2010-12-17 17:40:25 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Users of the popular exim mail server report attacks exploiting the recently patched vulnerability [1,2]. It appears that the attacks are scripted and install popular rootkits. If you experienced an attack against exim, we are interested in packet captures or other logs showing how the attack is performed.

[1] http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_got_installed_on_my/
[2] http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: exim