Security Basics mailing list archives
Re: Does anyone know which Malware owns this?
From: infolookup () gmail com
Date: Fri, 11 Dec 2009 01:04:06 +0000
Did you try to analyze the files from the redirected link or run the pcap through NetworkMiner and other tools to see what files you can extract from there?

------Original Message------
From: Paul Halliday
Sender: listbounce () securityfocus com
To: Securityfocus
Subject: Does anyone know which Malware owns this?
Sent: Dec 7, 2009 12:00 PM

There was a lot of ssh activity prior to this:

NICK Mafiotul
USER putini . . :Dar buni
NOTICE AUTH :*** Checking Ident
:Tampa.FL.US.Undernet.org 433 * Mafiotul :Nickname is already in use.
NICK Mafiotul_
NICK _afiotul_
....
WHOIS Mafio5945
MODE Mafio5945 +i-ws
JOIN #MafiaBOT #
NICK Mafiotul

The box also fetched this:

http://www.laguna.evolink.ro/server/6969.pl

I also see ICMP 6666 "skillz"; stacheldraht? on a new install of CentOS?

Domains appear to be US, Japan and Macedonia (for the IRC part).

I don't have access to the box; I am trying to reconstruct from pcaps only.

Tips/pointers welcome.

Thanks.

www.twitter.com/infolookup
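When only pcaps are available, the IRC client lines quoted in the message above can be reduced to the values worth pivoting on (nicknames, ident, channel, server, nick collisions) with a small parser. This is an added example, not part of the original post; `parse_irc_line` and `summarize_irc` are hypothetical names, and the sample stream is rebuilt from the quoted lines with assumed line breaks.

```python
# Constructed sample: the IRC lines quoted in the original message, one per
# line. The line breaks are an assumption; the "...." elision is left out.
SAMPLE_STREAM = """\
NICK Mafiotul
USER putini . . :Dar buni
NOTICE AUTH :*** Checking Ident
:Tampa.FL.US.Undernet.org 433 * Mafiotul :Nickname is already in use.
NICK Mafiotul_
NICK _afiotul_
WHOIS Mafio5945
MODE Mafio5945 +i-ws
JOIN #MafiaBOT #
NICK Mafiotul
"""

def parse_irc_line(line):
    """Split one RFC 1459 message into (prefix, command, params)."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, (parts[0].upper() if parts else ""), params

def _add(seen, value):
    if value and value not in seen:
        seen.append(value)

def summarize_irc(stream):
    """Collect the values an analyst would pivot on from one TCP stream."""
    out = {"nicks": [], "ident": None, "realname": None,
           "channels": [], "servers": [], "nick_collisions": 0}
    for raw in stream.splitlines():
        prefix, cmd, params = parse_irc_line(raw.strip())
        if prefix and "!" not in prefix:
            _add(out["servers"], prefix)       # server-originated line
        if cmd in ("NICK", "WHOIS", "MODE") and params:
            if not params[0].startswith(("#", "&")):
                _add(out["nicks"], params[0])  # skip channel MODE targets
        elif cmd == "USER" and params:
            out["ident"], out["realname"] = params[0], params[-1]
        elif cmd == "JOIN" and params:
            for chan in params[0].split(","):  # second param is the key
                _add(out["channels"], chan)
        elif cmd == "433":                     # ERR_NICKNAMEINUSE
            out["nick_collisions"] += 1
    return out
```

Feed it the text of each reassembled TCP stream exported from the capture; the returned nicknames, channel and server name are the strings to search for in other captures and logs.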
Current thread:
- Does anyone know which Malware owns this? Paul Halliday (Dec 10)
- RE: Does anyone know which Malware owns this? Steven Scheffler (Dec 11)
- <Possible follow-ups>
- Re: Does anyone know which Malware owns this? infolookup (Dec 11)