More info at: http://online.securityfocus.com/bid/5363/discussion/ Also see below... Adam
Date: Fri, 13 Sep 2002 18:16:33 +0100 From: Ben Laurie <ben@algroup.co.uk> To: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>, Cryptography <cryptography@wasabisystems.com>, cypherpunks <cypherpunks@einstein.ssz.com>, Apache SSL <apache-ssl@lists.aldigital.co.uk> Subject: OpenSSL worm in the wild
I have now seen a worm for the OpenSSL problems I reported a few weeks back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should be _seriously worried_.
It appears to be exclusively targeted at Linux systems, but I wouldn't count on variants for other systems not existing.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff