Worm Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:02:49 GMT

Wormtrack Network IDS 0.1
http://packetstormsecurity.org/files/106814/wormtrack-0.1.tar.gz
http://packetstormsecurity.org/files/106814/Wormtrack-Network-IDS-0.1.html
Thu, 10 Nov 2011 02:38:15 GMT
Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without privileged access on a switch to set up a dedicated monitor port, and without constant updating of the rules engine to address new threats.

PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
http://packetstormsecurity.org/files/89190/phpnukeworm-exec.txt
http://packetstormsecurity.org/files/89190/PHP-Nuke-7.0-8.1-8.1.35-Wormable-Remote-Code-Execution.html
Wed, 05 May 2010 00:53:06 GMT
PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.

LPRng use_syslog Remote Format String Vulnerability
http://packetstormsecurity.org/files/86422/lprng_format_string.rb.txt
http://packetstormsecurity.org/files/86422/LPRng-use_syslog-Remote-Format-String-Vulnerability.html
Wed, 17 Feb 2010 23:45:41 GMT
This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted Red Hat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

Sasser Worm avserve FTP PORT Buffer Overflow
http://packetstormsecurity.org/files/83085/sasser_ftpd_port.rb.txt
http://packetstormsecurity.org/files/83085/Sasser-Worm-avserve-FTP-PORT-Buffer-Overflow.html
Thu, 26 Nov 2009 00:34:53 GMT
This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.

How Conficker Makes Use Of MS08-067
http://packetstormsecurity.org/files/76653/conficker-ms0867.pdf
http://packetstormsecurity.org/files/76653/How-Conficker-Makes-Use-Of-MS08-067.html
Wed, 15 Apr 2009 00:06:50 GMT
Whitepaper called How Conficker makes use of MS08-067.

Using ShoutBoxes To Control Malicious Software
http://packetstormsecurity.org/files/76639/shoutbox.pdf
http://packetstormsecurity.org/files/76639/Using-ShoutBoxes-To-Control-Malicious-Software.html
Tue, 14 Apr 2009 23:17:50 GMT
Whitepaper called Using "ShoutBoxes" to control malicious software.

Technical Cyber Security Alert 2009-88A
http://packetstormsecurity.org/files/76172/TA09-088A.txt
http://packetstormsecurity.org/files/76172/Technical-Cyber-Security-Alert-2009-88A.html
Mon, 30 Mar 2009 19:50:26 GMT
Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

Exploit Web 2.0, Real Life XSS-Worm
http://packetstormsecurity.org/files/74704/xss-worm.pdf
http://packetstormsecurity.org/files/74704/Exploit-Web-2.0-Real-Life-XSS-Worm.html
Thu, 05 Feb 2009 22:08:04 GMT
Whitepaper called Exploiting Web 2.0, Real Life XSS-Worm.

vbulletin-xssxsrf.txt
http://packetstormsecurity.org/files/72133/vbulletin-xssxsrf.txt
http://packetstormsecurity.org/files/72133/vbulletin-xssxsrf.txt.html
Thu, 20 Nov 2008 22:44:51 GMT
The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross-site scripting and cross-site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.

ACM-CFP2007.txt
http://packetstormsecurity.org/files/57240/ACM-CFP2007.txt
http://packetstormsecurity.org/files/57240/ACM-CFP2007.txt.html
Wed, 20 Jun 2007 05:02:32 GMT
The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.

Technical Cyber Security Alert 2007-59A
http://packetstormsecurity.org/files/54815/TA07-059A.txt
http://packetstormsecurity.org/files/54815/Technical-Cyber-Security-Alert-2007-59A.html
Tue, 06 Mar 2007 04:37:19 GMT
Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

blastersteg.tar.gz
http://packetstormsecurity.org/files/54796/blastersteg.tar.gz
http://packetstormsecurity.org/files/54796/blastersteg.tar.gz.html
Tue, 06 Mar 2007 01:07:38 GMT
This code shows how to send hidden data steganographed into a simulation of common (worm) traffic.

Worminator-src.tgz
http://packetstormsecurity.org/files/52703/Worminator-src.tgz
http://packetstormsecurity.org/files/52703/Worminator-src.tgz.html
Wed, 06 Dec 2006 02:38:51 GMT
A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the source version.

Worminator-bin.tgz
http://packetstormsecurity.org/files/52702/Worminator-bin.tgz
http://packetstormsecurity.org/files/52702/Worminator-bin.tgz.html
Wed, 06 Dec 2006 02:38:14 GMT
A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the binary executable version.

vthrottle-0.60.tar.gz
http://packetstormsecurity.org/files/52190/vthrottle-0.60.tar.gz
http://packetstormsecurity.org/files/52190/vthrottle-0.60.tar.gz.html
Thu, 16 Nov 2006 16:52:49 GMT
vthrottle is an implementation of an SMTP throttling engine for Sendmail servers, based upon M. Williamson's mechanisms, as described in his 2003 Usenix Security paper. It allows the administrator to control how much email users and hosts may send, hindering the rapid spread of viruses, worms, and spam. Exceptions can be made using a whitelist mechanism, which can be generated manually or with the included tool vmeasure.

Advanced-Polymorphic-Worms.pdf
http://packetstormsecurity.org/files/51877/Advanced-Polymorphic-Worms.pdf
http://packetstormsecurity.org/files/51877/Advanced-Polymorphic-Worms.pdf.html
Wed, 01 Nov 2006 16:23:02 GMT
Advanced Polymorphic Worms: Evading IDS by Blending with Normal Traffic.

Anomalous-Payload-based-Worm-Detection-and-Signature-Generation.pdf
http://packetstormsecurity.org/files/51881/Anomalous-Payload-based-Worm-Detection-and-Signature-Generation.pdf
http://packetstormsecurity.org/files/51881/Anomalous-Payload-based-Worm-Detection-and-Signature-Generation.pdf.html
Wed, 01 Nov 2006 16:23:02 GMT
Anomalous Payload-based Worm Detection and Signature Generation.

Autograph.pdf
http://packetstormsecurity.org/files/51885/Autograph.pdf
http://packetstormsecurity.org/files/51885/Autograph.pdf.html
Wed, 01 Nov 2006 16:23:02 GMT
Autograph: Toward Automated, Distributed Worm Signature Detection.

Polygraph.pdf
http://packetstormsecurity.org/files/51905/Polygraph.pdf
http://packetstormsecurity.org/files/51905/Polygraph.pdf.html
Wed, 01 Nov 2006 16:23:02 GMT
Polygraph: Automatically Generating Signatures for Polymorphic Worms.

sysmask-1.08.tgz
http://packetstormsecurity.org/files/50643/sysmask-1.08.tgz
http://packetstormsecurity.org/files/50643/sysmask-1.08.tgz.html
Thu, 05 Oct 2006 03:56:57 GMT
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.

nepenthes-0.1.7.tar.bz2
http://packetstormsecurity.org/files/50220/nepenthes-0.1.7.tar.bz2
http://packetstormsecurity.org/files/50220/nepenthes-0.1.7.tar.bz2.html
Fri, 22 Sep 2006 00:20:23 GMT
Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low interaction honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular.

myspace.txt
http://packetstormsecurity.org/files/49522/myspace.txt
http://packetstormsecurity.org/files/49522/myspace.txt.html
Tue, 29 Aug 2006 03:02:42 GMT
Myspace.com appears to have a worm propagating via user pages.

InqTanaThroughTheEyes.txt
http://packetstormsecurity.org/files/44144/InqTanaThroughTheEyes.txt
http://packetstormsecurity.org/files/44144/InqTanaThroughTheEyes.txt.html
Sun, 26 Feb 2006 01:28:37 GMT
Whitepaper written to address both FUD and rumors surrounding the release of detailed information about the InqTana proof of concept worm.

sysmask-1.06.tgz
http://packetstormsecurity.org/files/43656/sysmask-1.06.tgz
http://packetstormsecurity.org/files/43656/sysmask-1.06.tgz.html
Wed, 08 Feb 2006 05:42:48 GMT
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.

mwcollect-3.0.3.tar.bz2
http://packetstormsecurity.org/files/43588/mwcollect-3.0.3.tar.bz2
http://packetstormsecurity.org/files/43588/mwcollect-3.0.3.tar.bz2.html
Mon, 06 Feb 2006 03:13:14 GMT
mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like Linux. The mwcollect daemon mwcollectd opens ports that are known to be commonly exploited by malware and simulates certain known vulnerabilities on them.