Today, I noticed that a process ./spc1 was running on my linux (debian) machine. I only noticed it because it was preventing apache from restarting. Looking in the error log I found evidence of what I assume is an exploit succeeding in getting apache to download code to my machine, and presumably starting it:

[Tue Sep 2 06:27:56 2003] [notice] Accept mutex: sysvsem (Default: sysvsem)
mkdir: cannot create directory `/var/tmp/.xpl': File exists
--08:54:32-- http://their.site.hostname/spc1
=> `spc1.2'
Resolving their.site.hostname... done.
Connecting to their.site.hostname[xxx.15.82.20]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19,589 [text/plain]

0K .......... ......... 100% 14.37 KB/s

08:54:34 (14.37 KB/s) - `spc1.2' saved [19589/19589]

I can't find any reference to this exploit on the web however, so am not sure what it was and what it might have done in addition to running, and presumably propagating itself.

Does anyone know what this would have been and what it was likely to have been up to?

Guy