Security Incidents mailing list archives
Re: Can anyone explain this compromise?
From: Fredrik Ostergren <fredrik.ostergren () FREEBOX COM>
Date: Sat, 12 Aug 2000 13:24:15 -0000
Hello! Blackhand is an ircnet crew. They probably runs bots on your server, atleast according to the logs. I think that some "enemy" ircnet crew mailed these logs, we've seen such attempts to "kill" other ircnet crews before. However, if you wan't my help to look thru the binaries, just send me an email and i'll be happy to help you out. Cheers. / Fredrik. Hi all, We have been receiving messages like below from sites around the world warning us that "ourhost.dom.com.au" has been compromised. Here is one of the messages: <FONT COLOR="#222255">>Your shells have been hacked by a group called</FONT> <FONT COLOR="#222255">> > BlackHand. They hack shells and then they root and</FONT> <FONT COLOR="#222255">>do</FONT> <FONT COLOR="#222255">> > illegal things like run illegal backgrounds in</FONT> <FONT COLOR="#222255">>servers</FONT> <FONT COLOR="#222255">> > smurf scan etc. Here is some proof:</FONT> <FONT COLOR="#222255">> ></FONT> <FONT COLOR="#222255">>SNK- is <A HREF="mailto:snk () ourhost dom com au">snk () ourhost dom com au< /A> * Do whois if you</FONT> <FONT COLOR="#222255">>are a gay</FONT> <FONT COLOR="#222255">>SNK- using *.au [0:0:0:0:0:ffff:203.37.45.3] TI IRC</FONT> <FONT COLOR="#222255">>Server</FONT> <FONT COLOR="#222255">>SNK- End of WHOIS list.</FONT> <FONT COLOR="#222255">></FONT> Other messages are exactly the same but in adition include stuff like "you have been r00ted and trojan login, ps, su binaries inserted" Any ideas? Thanks, Max Max Steel Omega-Xpress ____________________________________________________________ ____________ Get Your Private, Free E-mail from MSN Hotmail at <A TARGET=nonlocal HREF="/external/http://www.hotmail.com">http://www.hotmail.c om</A>
Current thread:
- Can anyone explain this compromise? Sir Scriptzalot (Aug 10)
- Re: Can anyone explain this compromise? Osvaldo Janeri Filho (Aug 13)
- Re: Can anyone explain this compromise? Fredrik Ostergren (Aug 13)
- Re: Can anyone explain this compromise? Ryan Sweat (Aug 13)
- <Possible follow-ups>
- Re: Can anyone explain this compromise? Luke Dudney (Aug 13)
- Re: Can anyone explain this compromise? apa The (Aug 13)