[Dshield] Dalnet being uses as a C&C server

Larry lbrower at servermanagementsolutions.com
Wed Jun 20 00:04:39 GMT 2007


I have found a compromised hosting client on one of our servers. The bot
is connecting to dalnet for C&C. Can you please assist in terminating this?

>From one of the perl scripts:

root at w11 [/home/serluna/public_html]# cat


exit if fork;

use IO::Socket;

full script available upon request.

More information about the list mailing list