[nsp-sec] Ack 3701 Re: Active shells from the Bredolab investigation
Stephen Fromm
stephenf at nero.net
Tue Nov 2 14:12:08 EDT 2010
On Tue, 2010-11-02 at 16:44 +0100, Dave Woutersen (GOVCERT.NL) wrote:
> Sorry if you received this information already via a different closed
> list.
>
> In the tapdata from the bredolab investigation we have found
> different
> websites which were vulnerable for a OpenX adds vulnerability, got
> powned
> and either a r57 shell, WSO 2.4 shell or SSHdb shell installed. Its
> going
> to be a hell of a job getting these sites cleaned, if you come across
> a
> site you have contact, feel free to send them a note. We will be
> trying to
> send NTD's to all of them where possible.
>
> Some of the URLs mentioned could be down already. Timestamps mentioned
> in
> the attached list are in UTC.
ACK for 3701.
--
Stephen Fromm
Network for Education and Research in Oregon
University of Oregon
More information about the nsp-security
mailing list