Security Basics mailing list archives
RE: Does anyone know which Malware owns this?
From: Steven Scheffler <stevens () forwardslash com>
Date: Fri, 11 Dec 2009 12:53:04 +0200
That place is full of Trojan distros: http://www.laguna.evolink.ro/server/ and an IRC log from #MafiaBOT channel: http://www.laguna.evolink.ro/server/roate.txt -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Paul Halliday Sent: 07 December 2009 07:00 PM To: Securityfocus Subject: Does anyone know which Malware owns this? There was a lot of ssh activity prior to this: NICK Mafiotul USER putini . . :Dar buni NOTICE AUTH :*** Checking Ident :Tampa.FL.US.Undernet.org 433 * Mafiotul :Nickname is already in use. NICK Mafiotul_ NICK _afiotul_ .... WHOIS Mafio5945 MODE Mafio5945 +i-ws JOIN #MafiaBOT # NICK Mafiotul The box also fetched this: http://www.laguna.evolink.ro/server/6969.pl I also see ICMP 6666 "skillz"; stacheldraht? on a new install of centOS? Domains appear to be US, Japan and Macedonia (for the IRC part). I don't have access to the box I am trying to reconstruct from pcaps only. Tips/pointers welcome. Thanks. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ################################################################################################################ This e-mail message is confidential and intended solely for the person to whom or the entity to which it is addressed. All the contents and any attachments remain the property of VR Services (Pty) Ltd unless so stated by contract. If you are not the intended recipient, you are prohibited from reading, copying, using or disclosing this message to others. If you received this message in error, please notify the sender immediately by replying to this e-mail or by telephoning +27 21 528 9300 and thereafter delete the message. VR Services (Pty) Ltd does not accept liability for any personal views expressed in this message. ################################################################################################################ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Does anyone know which Malware owns this? Paul Halliday (Dec 10)
- RE: Does anyone know which Malware owns this? Steven Scheffler (Dec 11)
- <Possible follow-ups>
- Re: Does anyone know which Malware owns this? infolookup (Dec 11)