Nmap Development mailing list archives
Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers"
From: Ron <ron () skullsecurity net>
Date: Sun, 13 Sep 2009 20:02:30 -0500
On 09/13/2009 07:36 PM, David Fifield wrote:
I understand now. Here is what I got. The first server redirects to the second, which redirects to a third, which redirects back to the second. $ ./nmap --script=http-infected -F 174.143.25.37 -v
> ...That's the same type of behaviour I observed. They must have some mechanism of finding each other, but that's beyond what I'm looking at.
Right now, the script gives folks a way to detect if their own servers have been "infected" by this software.
Think it's useful enough to add to svn? Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" Ron (Sep 12)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" David Fifield (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" Ron (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" David Fifield (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" Ron (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" Ron (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" David Fifield (Sep 13)
- Re: [Unmask Parasites. Blog.] "Dynamic DNS and Botnet of Zombie Web Servers" Ron (Sep 16)