Incidents
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: Suspicious files in /tmp Jun 18 2007 05:08PM
Jamie Riden (jamie riden gmail com)
Hi there,

It looks like the bot exploits a remote file include in
mosConfig_absolute_path - I think this would be Mambo or a component
of Mambo. It looks a lot like a compromise attempt I saw a year or so
back - http://infosecwriters.com/texts.php?op=display&id=416 [pdf,
sorry].

In the one I saw,...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus