Full Disclosure mailing list archives
Re: SSH scans, i caught one
From: Marco van Berkum <marco () obit nl>
Date: Sat, 20 Nov 2010 13:56:22 +0100
On 11/19/2010 09:11 PM, OrderZero wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Looks like the syslgd is your average botnet, simply connects to an irc for cnc, from strings...
>
> WHO@^NICKªH^@c^_ì{JOIN^_:^ONULL^GOþÿ>^f3µT%9:unable to resolveÃ?`Ã;#spoofs:
>
> where #spoofs could be the channel, no cleartext server however (other than a conspicuous string "nubnet")..a disassembly of said syslgd is attached...

Nice one. I assumed the syslgd was for overwriting syslogd to hide its tracks but it doesn't look like that indeed. Like many people already thought, this is starting to look like a mips-router-hacking-irc-botnet.

Leaves me with two questions. Why MIPS? And what's the purpose? I think DDOS, but who knows...

Grtz,
Marco van Berkum