Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: More agobot/phatbot/polybot variants, cPanel resetpass exploit SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More agobot/phatbot/polybot variants, cPanel resetpass exploit
More agobot/phatbot/polybot variants

We've received e-mail today of several sites reporting infections of machines that are apparently current on patches and running current anti-virus signatures that have been infected with what appear to be agobot/phatbot/polybot variants. We're still awaiting more detailed forensic examination of the infected machines.



cPanel resetpass exploit

We also received e-mail today from an individual who has captured evidence of attempts to exploit the cPanel resetpass vulnerability described at

http://archives.neohapsis.com/archives/bugtraq/2004-03/0116.html
http://xforce.iss.net/xforce/xfdb/15443

in order to propagate a bot of some sort.


---------------------------------

Jim ClausingI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS San Antonio 2020

Jim

409 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!