Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: More agobot/phatbot/polybot variants, cPanel resetpass exploit - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More agobot/phatbot/polybot variants, cPanel resetpass exploit
More agobot/phatbot/polybot variants

We've received e-mail today of several sites reporting infections of machines that are apparently current on patches and running current anti-virus signatures that have been infected with what appear to be agobot/phatbot/polybot variants. We're still awaiting more detailed forensic examination of the infected machines.



cPanel resetpass exploit

We also received e-mail today from an individual who has captured evidence of attempts to exploit the cPanel resetpass vulnerability described at

http://archives.neohapsis.com/archives/bugtraq/2004-03/0116.html
http://xforce.iss.net/xforce/xfdb/15443

in order to propagate a bot of some sort.


---------------------------------

Jim ClausingI will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019

Jim

407 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!