Michael Renzmann <[EMAIL PROTECTED]> writes:

> One thing that makes me wonder: after I wrote my first few lines about
> the attack on the rlx blade server that we experienced, someone gave a
> correct hint to the worm (describing it with some of its actions), and
> also mentioned a URL for the source code of the worm. When looking at
> that source (http://dammit.lt/apache-worm/apache-worm.c) it is quite
> obvious that "our" source is totally different.

The bot is roughly the same, only the exploit is different.

-- 
Florian Weimer                    [EMAIL PROTECTED]
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
