Re: Systems compromised with ShellBOT perl script - part 2

[Andreia Gaita <shana.ufie () gmail com>]

On Fri, 03 Sep 2004 18:37:52 -0500, Kirby Angell <kangell () alertra com> wrote:
> This time I was more prepared and have gathered more data on the script
> and what the bad guys are using it for.  I have packaged the data into a
> .tar.gz file if anyone wants a copy of the whole thing including scripts.

Yes, if you could send it, please, I'd like to take a look at it.
 

> ~ doze4 identifies itself as:
>
> * * doze4 - written by phyton
> * * doze4 rOckz! evite hosts.. use ips!
> Usage: %s <ip> <porta> <spoof>
> <ip>     : endereço que deseja f***r. (address that it desires to f***r)
> <porta>  : porta aperta  (coloque 0, que é rOckz) (door presses (places
> 0, that he is rOckz))
> <spoof>  : um ip para ser spoofado (sua mascara). (a to be spoofado IP
> (its masks))
>
> doze4 as well as .egg2 was written by someone who speeks Portugese.

He's definitely from brazil... %|
Weird python spelling though... and I bet he went to babelfish to
translate the stuff. eh.

shana
developer and otherwise computer nut