Bugtraq mailing list archives
Bind 8 Exploit - Trojan
From: Matt Lewis <matt () NINJAS ORG>
Date: Wed, 31 Jan 2001 20:09:33 -0800
The Bind 8 Exploit sent to bugtraq users by "nobody () replay com" is a Trojan, as I'm sure many have found out at this point. It attacks dns1.nai.com, and I haven't researched it extensively yet, wanted to get this out. There's quite possibly other things going on as well, locally. I straced it and got odd results, the last time I ran it, it didn't launch the attack. Shellcode analyzation would be required here. How did this get approved, did anyone test it or review it? You can see the IP address for dns1.nai.com listed in the shellcode included with the file. It forks off many copies of itself and violently attacks NAI's nameserver. I sent this out hastily, so forgive any mistakes made beyond the original observation of the attack. -Matt Lewis
Current thread:
- Bind 8 Exploit - Trojan Matt Lewis (Feb 01)