Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Suspicious files in /tmp
Jun 18 2007 05:08PM
Jamie Riden (jamie riden gmail com)
It looks like the bot exploits a remote file include in
mosConfig_absolute_path - I think this would be Mambo or a component
of Mambo. It looks a lot like a compromise attempt I saw a year or so
back - http://infosecwriters.com/texts.php?op=display&id=416 [pdf,
In the one I saw,...
[ more ]
Copyright 2010, SecurityFocus