[nsp-sec] ACK 174 RE: Linux webserver botnet
Shelton, Steve
sshelton at Cogentco.com
Mon Sep 14 15:28:51 EDT 2009
Tom,
I'm sorry, but I don't have the specific files. An analysis of the
payload can be found at the following URL.
http://wepawet.iseclab.org/view.php?hash=f3d40a9f37dca288e5382996d5efa5e
6&t=1252297985&type=js
Steve Shelton
Security Engineer
Cogent Communications
-----Original Message-----
From: Tom Daly [mailto:tom at dyn.com]
Sent: Monday, September 14, 2009 1:20 PM
To: Shelton, Steve
Cc: Thomas Hungenberg; NSP-SEC List
Subject: Re: [nsp-sec] ACK 174 RE: Linux webserver botnet
> Payload was the usual:
>
> :8080/index.php
> :8080/cache/readme.pdf
Steve,
Any chance you have copies of these files?
Tom
--
Tom Daly
CTO, Dynamic Network Services, Inc.
Ph: 603-296-1537
http://dyn.com/
More information about the nsp-security
mailing list