<[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 4:09 AM
Subject: Bind 8 Exploit - Trojan
> The Bind 8 Exploit sent to bugtraq users by "[EMAIL PROTECTED]" is a
> Trojan, as I'm sure many have found out at this point.
>
> It attacks dns1.nai.com, and I haven
Yesterday, Matt Lewis wrote:
> How did this get approved, did anyone test it or review it?
and Today, Brett Eldridge pointed out:
> i don't think that the moderator's job is to test all the exploits that
> get mailed to the list.
[...]
> that said, anybody who blindly uses exploit code deserves
On Wed, 31 Jan 2001, Matt Lewis wrote:
> It attacks dns1.nai.com, and I haven't researched it extensively yet,
> wanted to get this out. There's quite possibly other things going on as
> well, locally.
well, there is something going on locally, read it bellow
> I straced it and got odd results,
On Wed, 31 Jan 2001, Matt Lewis wrote:
> How did this get approved, did anyone test it or review it?
i don't think that the moderator's job is to test all the exploits that
get mailed to the list.
the moderator's job is to reject messages which don't adhere to the policy
of the list.
that said
Analyzis of the bind8 trojaned exploit
--
here's the code:
0x8049540 : jmp0x8049576
0x8049542 :pop%esi
0x8049543 :mov$0x1,%ebx
0x8049548 :mov%esi,%ecx
0x804954a : mov$0x66,%eax
0x804954f : int$0x80
The Bind 8 Exploit sent to bugtraq users by "[EMAIL PROTECTED]" is a
Trojan, as I'm sure many have found out at this point.
It attacks dns1.nai.com, and I haven't researched it extensively yet,
wanted to get this out. There's quite possibly other things going on as
well, locally.
I straced it an
