Full Disclosure mailing list archives
Re: Re: SQL injection worm ?
From: Willem Koenings <infsec () gmail com>
Date: Thu, 6 Jan 2005 13:16:26 +0200
On Wed, 5 Jan 2005 18:27:25 -0500 (EST), bugtraq () cgisecurity net <bugtraq () cgisecurity net> wrote:
Here is some additional information.
³ ircname : [UNC]69402 | channels : #!processor ³ server : shellcodewarez.info (ScW Network) : idle : 4 hours 57 mins 9 secs (signon: Tue Jan 4 23:40:01 2005) ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | [UNC]73047 (vjfud () BFE013F 3F070E03 2BA09B8 IP) (unknown) ³ ircname : [UNC]73047 | channels : +#!processor ³ server : shellcodewarez.info (ScW Network) : idle : 4 hours 57 mins 26 secs (signon: Wed Jan 5 07:48:45 2005) As you can see they are masking the ip addresses.
That depends. When new victim arrives on the channel, you can see his IP: [13:06] * [UNC]08801 (ngnvje@210.93.182.253) has joined #!processor but on inquery it's really masked, yes: [13:07] [UNC]08801 is ngnvje () 9665494 1E6027D8 277B9277 IP * [UNC]08801 [13:07] [UNC]08801 is on #!processor [13:07] [UNC]08801 using shellcodewarez.info ScW Network [13:07] [UNC]08801 has been idle 49 secs, signed on thursday jan 06 01:18 pm all the best, W. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SQL injection worm ? Maxime Ducharme (Jan 06)
- Re: SQL injection worm ? bugtraq (Jan 05)
- Re: Re: SQL injection worm ? Willem Koenings (Jan 06)
- Re: [Dshield] SQL injection worm ? Maxime Ducharme (Jan 19)
- Re: SQL injection worm ? bugtraq (Jan 05)