> How did this get approved, did anyone test it or review it?

Didn't you? - I'd rather see the information despatched to us quickly and
treat it with caution, than have delays introduced whilst the code is
rigorously tested.  The moderators already have a lot on their plate without
dumping this responsibility on them.

Take Care
Talisker's Network Security Tools List

Security Tools Notification
----- Original Message -----
From: "Matt Lewis" <[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 4:09 AM
Subject: Bind 8 Exploit - Trojan

> The Bind 8 Exploit sent to bugtraq users by "[EMAIL PROTECTED]" is a
> Trojan, as I'm sure many have found out at this point.
> It attacks dns1.nai.com, and I haven't researched it extensively yet,
> wanted to get this out. There's quite possibly other things going on as
> well, locally.
> I straced it and got odd results, the last time I ran it, it didn't
> launch the attack. Shellcode analyzation would be required here.
> How did this get approved, did anyone test it or review it?
> You can see the IP address for dns1.nai.com listed in the shellcode
> included with the file. It forks off many copies of itself and violently
> attacks NAI's nameserver.
> I sent this out hastily, so forgive any mistakes made beyond the
> original observation of the attack.
> -Matt Lewis

Reply via email to