[nsp-sec] rooted UNIX boxes

Zoe O'Connell zoe at hotchilli.com
Tue Jun 28 06:23:49 EDT 2011


Proxy ACK for AS35425 - I don't think they're on here but I know someone
over there I can pass this on to. Thanks.

On 28/06/11 10:27, Dirk Stander wrote:
> please find attached a list of compromised servers found
> in an email drop box.  The servers do have a userland root
> kit installed and are running a trojanized ssh/sshd.
>
> I'm not sure about the initial attack vector.
>
> The format of the list is:
> <ASN> | <CC> | <IP> | <PTR> | <time GMT> | <SMTP sender> | <AS DESC>
>
>     kind regards, Dirk Stander (1&1 Internet AG) :.
>
> 20110628-rooted-boxes.txt
>
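Added example (not part of the list post, and not 1&1's or Bytemark's own tooling): a parser and per-ASN aggregator for the pipe-delimited report format quoted above, so a recipient can collapse repeated sightings of one host into a count with first/last seen before forwarding to the AS contact. The sample records are constructed (documentation IP ranges, private-use ASNs, example.net/.org names); the timestamp format is assumed to be ctime style, as in the quoted lines.

```python
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("asn", "cc", "ip", "ptr", "seen", "smtp_sender", "as_desc")

# Constructed sample in the report's format (documentation IPs, private-use ASNs).
SAMPLE = """\
 64496 | GB | 192.0.2.10   | host-a.example.net. | Fri May  6 05:32:27 2011 | root at host-a.example.net | EXAMPLE-AS Example Hosting Ltd
 64496 | GB | 192.0.2.10   | host-a.example.net. | Mon May 30 13:25:44 2011 | root at host-a.example.net | EXAMPLE-AS Example Hosting Ltd
 64497 | DE | 198.51.100.7 | vm7.example.org.    | Sun May  1 17:20:24 2011 | root at vm7.example.org   | EXAMPLE2-AS Example Two GmbH
this line is not a valid record
"""

def parse_record(line):
    """Parse one '<ASN> | <CC> | <IP> | <PTR> | <time GMT> | <SMTP sender> | <AS DESC>' line."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    rec["asn"] = int(rec["asn"])
    rec["ptr"] = rec["ptr"].rstrip(".")          # drop the trailing root label
    # ctime-style timestamp with a space-padded day ("May  6"); collapse the padding first.
    seen = datetime.strptime(" ".join(rec["seen"].split()), "%a %b %d %H:%M:%S %Y")
    rec["seen"] = seen.replace(tzinfo=timezone.utc)  # the format says the time is GMT
    return rec

def summarize(text):
    """One entry per (ASN, IP) with count and first/last seen; returns (hosts, skipped_lines)."""
    hosts, skipped = {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            r = parse_record(line)
        except ValueError:
            skipped += 1          # malformed line: count it rather than abort the whole report
            continue
        e = hosts.setdefault((r["asn"], r["ip"]), {"ptr": r["ptr"], "cc": r["cc"],
                             "as_desc": r["as_desc"], "count": 0, "first": r["seen"], "last": r["seen"]})
        e["count"] += 1
        e["first"], e["last"] = min(e["first"], r["seen"]), max(e["last"], r["seen"])
    return hosts, skipped

def by_asn(hosts):
    """Group deduplicated hosts per ASN, the unit at which such reports get forwarded."""
    out = defaultdict(list)
    for (asn, ip), e in sorted(hosts.items()):
        out[asn].append((ip, e["ptr"], e["count"], e["first"].isoformat(), e["last"].isoformat()))
    return dict(out)
```

Calling `by_asn(summarize(SAMPLE)[0])` yields one list per ASN ready to hand to that AS's abuse contact; the malformed fourth line is reported in the skipped count instead of silently dropped.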
