Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Shamrocks and March Madness; Perl bots; MS05-004 update SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Shamrocks and March Madness; Perl bots; MS05-004 update
To all the Irish and Irish-at-heart out there, a Happy St. Patrick's Day. (Warning US-centric comment coming next) For those of you who, like me, are college basketball fans, enjoy the next several days of 12+ hours a day of basketball. I know I will. :)

Perl bots

Our intrepid readers (thanks, to the Telenor folks), sent us a copy of 2 bots, written in Perl, that were being installed via an AWSTATS exploit (see and
). The second appears to be an updated version with greater functionality. The irc command and control channel for the first variant seems to be down, the second one appears to still be up and the websites from which the malware was being downloaded are still live. Admins might want to check their proxy or firewall logs for traffic going to and

MS05-004 update

Thanks to Juha-Matti for pointing out that the ASP.NET bulletin from February has been updated. Apparently the Caveats section of KB887219 has been updated based on user experience, but, of course, all our loyal readers have already patched, right? :)


Jim Clausing, jclausing at isc dot sans dot org

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2021


423 Posts
ISC Handler
Mar 18th 2005

Sign Up for Free or Log In to start participating in the conversation!