Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: More agobot/phatbot/polybot variants, cPanel resetpass exploit SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More agobot/phatbot/polybot variants, cPanel resetpass exploit
More agobot/phatbot/polybot variants

We've received e-mail today of several sites reporting infections of machines that are apparently current on patches and running current anti-virus signatures that have been infected with what appear to be agobot/phatbot/polybot variants. We're still awaiting more detailed forensic examination of the infected machines.

cPanel resetpass exploit

We also received e-mail today from an individual who has captured evidence of attempts to exploit the cPanel resetpass vulnerability described at

in order to propagate a bot of some sort.


Jim ClausingI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Live Online Europe February 2022 Volume 1


423 Posts
ISC Handler
Apr 3rd 2004

Sign Up for Free or Log In to start participating in the conversation!