BSD.Worm.Scalper Analysis
Posted on 02.07.2002
Virus analyzed by:
Sorin Victor DUDEA
BitDefender Virus Researcher
http://www.bitdefender.com

Name: BSD.Worm.Scalper
Aliases: FreeBSD.Scalper.Worm
Type: Executable Worm Mailer
Size: ~51626 bytes
Discovered: 06, 29, 2002
Detected: 06, 29, 2002, 14:00 (GMT+2)
Spreading: Low
Damage: Low
ITW: Unknown
Symptoms:

- file .a in tmp

Technical description:

This is an Internet worm that attacks Apache servers running under FreeBSD platforms.

It uses the Apache HTTP Server chunk encoding stack overflow vulnerability to upload itself and run under those operating systems.
After its first execution the worm starts scanning for Apache servers running under FreeBSD OS and if it finds any it uses the above vulnerability to upload and execute itself.

For every web page it finds, it will download them and search for e-mail addresses in its html pages. When it finishes searching it will send spam emails to those addresses using a public SMTP server.



HNS Note: Apache Chunk Handling Roundup is available here:
http://www.net-security.org/article.php?id=134





Spotlight

Overwhelming optimism for information security in 2015

Posted on 19 November 2014.  |  Expectations for data security next year are surprisingly optimistic given the harsh reality of 2014. Enterprise security staffers are so confident that most respondents said they would "personally guarantee that their company's customer data will be safe in 2015."


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Nov 20th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //