[nsp-sec] compromised unix systems
Tim Wilde
twilde at cymru.com
Mon Aug 31 09:35:30 EDT 2009
On 8/31/2009 7:18 AM, Rolf Gartmann wrote:
> add-on to this case,
> the 'malware' in question is located under:
>
> http://s11[DOT]info/d/m
>
> (attached as well).
>
> looking at it, IRC pwd would be:
>
> --snip--
> print $sock 'PASS oligarchy'."\r\n";
> --snip--
Thanks Rolf! I took a bit of a poke at that IRC server and it doesn't
actually appear to have any clients infected with this malware installed
on it at the moment. I'll probably be getting DDoSed in a second here,
since I poked a bit much from my home IP in addition to our normal
poking, but hey. :)
Again, this one isn't quite obviously enough bad to apply the magic LART
stick to, though it does seem ... interesting. :)
Thanks,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/