[Dshield] Dalnet being uses as a C&C server

Larry lbrower at servermanagementsolutions.com
Wed Jun 20 00:04:39 GMT 2007


greetings:

I have found a compromised hosting client on one of our servers. The bot
is connecting to dalnet for C&C. Can you please assist in terminating this?

>From one of the perl scripts:

root at w11 [/home/serluna/public_html]# cat
/home/serluna/public_html/includes/.log/jancok.pl
#!/usr/bin/perl

$chan="#JagungNet";
$nick=$ARGV[0];
$server="rumble.dal.net";

$SIG{TERM}={};
exit if fork;

use IO::Socket;


full script available upon request.



More information about the list mailing list