[nsp-sec] rooted UNIX boxes
Torsten Voss
voss at dfn-cert.de
Tue Jun 28 08:53:03 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Dirk,
thanks and ACK 12816
Cheers,
Torsten
On 28.06.2011 11:27, Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> please find attached a list of compromised servers found
> in an email drop box. The servers do have a userland root
> kit installed and are running a trojanized ssh/sshd.
>
> I'm not sure about the initial attack vector.
>
> The format of the list is:
> <ASN> | <CC> | <IP> | <PTR> | <time GMT> | <SMTP sender> | <AS DESC>
>
> kind regards, Dirk Stander (1&1 Internet AG) :.
>
> 20110628-rooted-boxes.txt
- --
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages https://www.cert.dfn.de/autowarn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAk4Jzq4ACgkQLn8qYyAllOQgmgCfSZ7RmfrJ0bCmFaGyIcZherDG
8SkAnRw0jkvjV97DzG2FHHyPjM05Wamh
=kW3+
-----END PGP SIGNATURE-----