Saturday, February 25, 2006

First post! This morning saw a new turn in the Linux worm: a new script is being distributed via 219.84.105.36/supina. It uses a precompiled binary backdoor, a Perl backdoor and also a scanning engine (which is compiled).

The scanning engine is called httpd, as in previous versions:

Report on httpd:
MD5: f06095d0fe7cfa389fc4aece9d2afb13
BitDefender: Worm.Linux.Mare.B
ClamAV: No Virus Found
F-Prot: No Virus Found

It seems to have a UDP communications channel to the following IP addresses:
81.223.104.152
24.224.174.18