WORM: Mare.D Scan

This signature detects the activity of the Mare.D worm as it scans for vulnerable Linux servers. Mare.D exploits known vulnerabilities in the Mambo content management system and the PHP XML-RPC library. After a successful attack, the worm leaves multiple backdoors on the infected system. Two of these are connect-back shell backdoors that link to a remote host, while a third backdoor allows the malware's writer to access and control infected systems through Internet Relay Chat (IRC).

References

CVE: CVE-2005-0512

Short Name: WORM:MARE-D-SCAN
Severity: Major
Recommended: False
Recommended Action: Drop
Category: WORM
Keywords: CVE-2005-0512 Mare.D Scan
Release Date: 02/28/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3324
False Positive: Unknown
CVSS Score: 7.5
