Also the spy.gif script:
CENTER
DIV STYLE=font-family: verdana; font-size: 25px; font-weight: bold;
color: #F3A700;SPYKIDS PHP Command/Safemode Exploit 4.1/DIV
BR
DIV STYLE=font-family: verdana; font-size: 20px; font-weight: bold;
color: #F3A700;Informação do sistema/DIV
?php
// Ae galera se
Covered on the F-Secure weblog, the DNS has been pointed at 127.0.0.2
so no more bots will be connecting. Just posting the source incase
5wk.com dies:
#!/usr/bin/perl
#
# # # #
# # # # ## # ### # # # #
Hi!
There is a Worm pending around trying about 50 exploits in php
applications... like a further developed Santy Worm... The author calls
himself POERSCHKE and seems to cooperation with a guy called _CaKe_.
After having triggered my IDS I started investigating a little bit about an
attack from