Security Incidents mailing list archives
Can anyone explain this compromise?
From: Sir Scriptzalot <sir_scriptzalot () HOTMAIL COM>
Date: Thu, 10 Aug 2000 15:17:20 EST
Hi all, We have been receiving messages like below from sites around the world warning us that "ourhost.dom.com.au" has been compromised. Here is one of the messages:
Your shells have been hacked by a group called > BlackHand. They hack shells and then they root and do > illegal things like run illegal backgrounds in servers > smurf scan etc. Here is some proof: > SNK- is snk () ourhost dom com au * Do whois if you are a gay SNK- using *.au [0:0:0:0:0:ffff:203.37.45.3] TI IRC Server SNK- End of WHOIS list.
Other messages are exactly the same but in adition include stuff like "you have been r00ted and trojan login, ps, su binaries inserted" Any ideas? Thanks, Max Max Steel Omega-Xpress ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Current thread:
- Can anyone explain this compromise? Sir Scriptzalot (Aug 10)
- Re: Can anyone explain this compromise? Osvaldo Janeri Filho (Aug 13)
- Re: Can anyone explain this compromise? Fredrik Ostergren (Aug 13)
- Re: Can anyone explain this compromise? Ryan Sweat (Aug 13)
- <Possible follow-ups>
- Re: Can anyone explain this compromise? Luke Dudney (Aug 13)
- Re: Can anyone explain this compromise? apa The (Aug 13)