Security Incidents mailing list archives

Re: Systems compromised with ShellBOT perl script - part 2


From: Kirby Angell <kangell () alertra com>
Date: Wed, 08 Sep 2004 10:48:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Babel Fish translation was mine.  I fuzzed out the naughty words (at
least I assume they are naughty, Babel Fish didn't understand it either).

Andreia Gaita wrote:
| On Fri, 03 Sep 2004 18:37:52 -0500, Kirby Angell <kangell () alertra com> wrote:
|
|>This time I was more prepared and have gathered more data on the script
|>and what the bad guys are using it for.  I have packaged the data into a
|>.tar.gz file if anyone wants a copy of the whole thing including scripts.
|
|
| Yes, if you could send it, please, I'd like to take a look at it.
|
|
|
|>~ doze4 identifies itself as:
|>
|>* * doze4 - written by phyton
|>* * doze4 rOckz! evite hosts.. use ips!
|>Usage: %s <ip> <porta> <spoof>
|><ip>     : endereço que deseja f***r. (address that it desires to f***r)
|><porta>  : porta aperta  (coloque 0, que é rOckz) (door presses (places
|>0, that he is rOckz))
|><spoof>  : um ip para ser spoofado (sua mascara). (a to be spoofado IP
|>(its masks))
|>
|>doze4 as well as .egg2 was written by someone who speaks Portuguese.
|
|
| He's definitely from Brazil... %|
| Weird python spelling though... and I bet he went to babelfish to
| translate the stuff. eh.
|
| shana
| developer and otherwise computer nut
|


- --
Thank you,

Kirby Angell
Get notified anytime your website goes down!
http://www.alertra.com
key: 9004F4C0
fingerprint: DD7E E88D 7F50 2A1E 229D  836A DB5B A751 9004 F4C0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBPynl21unUZAE9MARAu+kAJsEpkZ25us2YukkzuhLV51o98K7HwCfYKCr
kfOuyuNmehnkmIyIOE3/dYo=
=s8fX
-----END PGP SIGNATURE-----

