[Dshield] Dalnet being uses as a C&C server
fixer at gci.net
Wed Jun 20 01:17:06 GMT 2007
Can you send me a copy of the script? I'd like to take a look at it. Thanks!
"No trees were killed in the sending of this message. However, a large number of electrons were inconvenienced."
----- Original Message -----
From: Larry <lbrower at servermanagementsolutions.com>
Date: Tuesday, June 19, 2007 4:56 pm
Subject: [Dshield] Dalnet being uses as a C&C server
To: list at lists.dshield.org
> I have found a compromised hosting client on one of our servers.
> The bot
> is connecting to dalnet for C&C. Can you please assist in
> terminating this?
> >From one of the perl scripts:
> root at w11 [/home/serluna/public_html]# cat
> exit if fork;
> use IO::Socket;
> full script available upon request.
> SANSFIRE 2007 July 25-August 2 in Washington, DC. 56 courses, SANS
> topinstructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
More information about the list