[Dshield] Dalnet being uses as a C&C server

ge at linuxbox.org ge at linuxbox.org
Wed Jun 20 01:02:16 GMT 2007

On 2007-06-19 20:04-0400, Larry wrote:
>I have found a compromised hosting client on one of our servers. The bot
>is connecting to dalnet for C&C. Can you please assist in terminating this?

I believe dalnet still has an abuse and kline commitees... but I haven't
been up to date in.. wow.

>>From one of the perl scripts:
>root at w11 [/home/serluna/public_html]# cat
>exit if fork;
>use IO::Socket;
>full script available upon request.
>SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
>instructors, and a great tools and solutions expo. Register today!
>http://www.sans.org/info/4651 (brochure code ISC)

"beepbeep it, i leave work, stop reading sec lists and im still hearing
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.

More information about the list mailing list