[nsp-sec] ACK, AS209 - rooted UNIX boxes

Roper, Sara Sara.Roper at qwest.com
Tue Jun 28 14:26:04 EDT 2011


ACK AS209, thanks Dirk.

Regards,
Sara

-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Tuesday, June 28, 2011 3:28 AM
To: nsp-sec
Subject: [nsp-sec] rooted UNIX boxes

----------- nsp-security Confidential --------

Hi,

Please find attached a list of compromised servers found
in an email drop box.  The servers do have a userland root
kit installed and are running a trojanized ssh/sshd.

I'm not sure about the initial attack vector.

The format of the list is:
<ASN> | <CC> | <IP> | <PTR> | <time GMT> | <SMTP sender> | <AS DESC>

kind regards, Dirk Stander (1&1 Internet AG) :.

20110628-rooted-boxes.txt

<big snip>


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
