Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: More agobot/phatbot/polybot variants, cPanel resetpass exploit - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More agobot/phatbot/polybot variants, cPanel resetpass exploit
More agobot/phatbot/polybot variants

We've received e-mail today of several sites reporting infections of machines that are apparently current on patches and running current anti-virus signatures that have been infected with what appear to be agobot/phatbot/polybot variants. We're still awaiting more detailed forensic examination of the infected machines.

cPanel resetpass exploit

We also received e-mail today from an individual who has captured evidence of attempts to exploit the cPanel resetpass vulnerability described at

in order to propagate a bot of some sort.


Jim Clausing

408 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!