Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without privileged access on a switch to set up a dedicated monitor port, and without constant updates to the rules engine to address new threats.
PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.
This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".
This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.
Whitepaper called How Conficker makes use of MS08-067.
Whitepaper called Using "ShoutBoxes" to control malicious software.
Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.
Whitepaper called Exploiting Web 2.0, Real Life XSS-Worm.
The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.
The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.
Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.
This code shows how to send hidden data steganographed into a simulation of common (worm) traffic.
A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the source version.
A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the binary executable version.
vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.
Advanced Polymorphic Worms: Evading IDS by Blending with Normal Traffic.
Anomalous Payload-based Worm Detection and Signature Generation.
Autograph: Toward Automated, Distributed Worm Signature Detection.
Polygraph: Automatically Generating Signatures for Polymorphic Worms.
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low Interaction Honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular.
Myspace.com appears to have a worm propagating via user pages.
Whitepaper written to address both FUD and rumors surrounding the release of detailed information about the InqTana proof of concept worm.
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like Linux. The mwcollect daemon mwcollectd opens ports that are known to be commonly exploited by malware and simulates certain known vulnerabilities on them.