[nsp-sec] rooted UNIX boxes
Serge Droz
serge.droz at switch.ch
Tue Jun 28 10:41:26 EDT 2011
ACK | CH | (AS21069)
On 28/6/11 11:27, Dirk Stander wrote:
> Hi,
>
> please find attached a list of compromised servers found
> in an email drop box. The servers do have a userland root
> kit installed and are running a trojanized ssh/sshd.
>
> I'm not sure about the initial attack vector.
>
> The format of the list is:
> <ASN> | <CC> | <IP> | <PTR> | <time GMT> | <SMTP sender> | <AS DESC>
>
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
More information about the nsp-security
mailing list