Paul
CastleCops Founder
Joined: Feb 22, 2002 Posts: 27351
Posted: Thu Dec 13, 2007 12:41 am Post subject: [WsIRT#863] IRC Bot Shell
Attack Alert Full Report: /IRC_Bot_Shell_attack863.html
Changed status to confirmed attack.
IP Converted: 195.161.119.84
dword = 3282138964
hex1 = 0xc3a17754
hex2 = 0xc3.0xa1.0x77.0x54
oct = 0303.0241.0167.0124
This is the same IRC Bot Shell attacker script being used by troubled individuals as seen in the reports:
/IRC_Bot_Shell_attack649.html
/IRC_Bot_Shell_attack195.html
In fact, this one and 649 share the same hash fingerprint.
This script is being used by attackers injecting it onto remote web servers in an attempt to compromise them and take ownership of them for ill intent. Please remove immediately.
array("sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==","sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR","rpihlYyTr5LWVKHDi6SRl0+jko4=","rZytgpFPr5TDlI7MmW6FiQ==","sKJuhYdPopDTi5bHlKVRhoY=","tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ","vaOokJFUbpPOi5jClLNRhoY=","sqywiZKPpVeMipjHlm6RiZU=","sqytlpaKo5eMipjHlm6RiZU=");
Translates to:
mymusicband.weedns.com
myphonenumber.weedns.com
ieatironx.weedns.com
himan.opendns.be
ko.dd.blueline.be
p4n33123e.dd.blueline.be
xphon3.opendns.be
myphone3.dnip.net
mymusics.dnip.net
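The post does not say how the array is obfuscated, but working it through against the hostnames above, every entry is base64 over bytes shifted by a per-position key (cipher[i] = plain[i] + key[i] mod 256). The Python below is an added decoder, not code from the post or from the bot script: it assumes a known-plaintext step, recovering the key from the second (longest) entry and its known hostname, then decodes the whole array so the C&C list can be pulled out of a sample without running it.

```python
import base64

# The obfuscated array from the post, with the stray line-wrap spaces removed.
ENCODED = [
    "sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==",
    "sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR",
    "rpihlYyTr5LWVKHDi6SRl0+jko4=",
    "rZytgpFPr5TDlI7MmW6FiQ==",
    "sKJuhYdPopDTi5bHlKVRhoY=",
    "tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ",
    "vaOokJFUbpPOi5jClLNRhoY=",
    "sqywiZKPpVeMipjHlm6RiZU=",
    "sqytlpaKo5eMipjHlm6RiZU=",
]

# Known-plaintext pair (assumption for key recovery): entry 2 is the longest
# entry (24 bytes) and the post says it decodes to myphonenumber.weedns.com.
KNOWN_INDEX = 1
KNOWN_PLAIN = "myphonenumber.weedns.com"


def recover_key(encoded, plaintext):
    """Per-position additive key: key[i] = (cipher[i] - plain[i]) mod 256."""
    cipher = base64.b64decode(encoded)
    plain = plaintext.encode("ascii")
    if len(cipher) != len(plain):
        raise ValueError("known plaintext length does not match ciphertext")
    return bytes((c - p) % 256 for c, p in zip(cipher, plain))


def decode_entry(encoded, key):
    """Undo base64, then plain[i] = (cipher[i] - key[i]) mod 256."""
    cipher = base64.b64decode(encoded)
    if len(cipher) > len(key):
        # A shorter known plaintext would only recover a prefix of the key.
        raise ValueError("entry is longer than the recovered key")
    return bytes((c - k) % 256 for c, k in zip(cipher, key)).decode("ascii")


def decode_all(entries=ENCODED):
    """Recover the key from the known pair and decode every entry."""
    key = recover_key(entries[KNOWN_INDEX], KNOWN_PLAIN)
    return [decode_entry(entry, key) for entry in entries]


if __name__ == "__main__":
    for host in decode_all():
        print(host)
```

If a variant sample uses a different key, only the known-plaintext pair needs to change; a mismatch shows up as non-ASCII output or a length error rather than a silently wrong hostname.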
View CIDR AS8342 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8342
"8342 | RU | ripencc | 1997-06-11 | RTCOMM-AS RTComm.RU Autonomous System"
Extended information for AS8342:
State/Province:
Country: ru
Responsible Domain: rtcomm.ru
Abuse Email: security@rtcomm.ru
View CIDR AS4713 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4713
"4713 | JP | apnic | 1995-08-30 | OCN NTT Communications Corporation"
Extended information for AS4713:
State/Province:
Country: jp
Responsible Domain: ocn.ad.jp
Abuse Email: abuse@ocn.ad.jp
View CIDR AS3462 Report: http://www.cidr-report.org/cgi-bin/as-report?as=3462
"3462 | TW | apnic | 2002-08-01 | HINET Data Communication Business Group"
Extended information for AS3462:
State/Province:
Country: tw
Responsible Domain: hinet.net
Abuse Email: cracker@hinet.net
View CIDR AS21844 Report: http://www.cidr-report.org/cgi-bin/as-report?as=21844
"21844 | US | arin | 2001-06-29 | THEPLANET-AS - THE PLANET"
Extended information for AS21844:
State/Province: tx
Country: us
Responsible Domain: theplanet.com
Abuse Email: abuse@theplanet.com
View CIDR AS15703 Report: http://www.cidr-report.org/cgi-bin/as-report?as=15703
"15703 | NL | ripencc | 2000-09-19 | TRUESERVER-AS TrueServer BV AS number"
Extended information for AS15703:
State/Province:
Country: nl
Responsible Domain: trueserver.nl
Abuse Email: abuse@true.nl
View CIDR AS5617 Report: http://www.cidr-report.org/cgi-bin/as-report?as=5617
"5617 | PL | ripencc | 1996-04-29 | TPNET Polish Telecom_s commercial IP network"
Extended information for AS5617:
State/Province:
Country: pl
Responsible Domain: tpnet.pl
Abuse Email: abuse@tpnet.pl
View CIDR AS16317 Report: http://www.cidr-report.org/cgi-bin/as-report?as=16317
"16317 | SK | ripencc | 2001-02-23 | SK-4CALL 4CONSULT Ltd."
Extended information for AS16317:
State/Province:
Country: sk
Responsible Domain: ipnet.sk
Abuse Email: security@ipnet.sk
View CIDR AS35592 Report: http://www.cidr-report.org/cgi-bin/as-report?as=35592
"35592 | CZ | ripencc | 2005-09-13 | COOLHOUSING-AS COOLHOUSING Autonomous System"
Extended information for AS35592:
State/Province:
Country: cz
Responsible Domain: network.cz
Abuse Email: abuse@network.cz
View CIDR AS16742 Report: http://www.cidr-report.org/cgi-bin/as-report?as=16742
"16742 | CL | lacnic | 2000-06-05 | Universidad Catolica de Valparaiso"
Extended information for AS16742:
State/Province:
Country: cl
Responsible Domain: ucv.cl
Abuse Email: abuse@ucv.cl
;; QUESTION SECTION:
;xphon3.opendns.be. IN A
;; ANSWER SECTION:
xphon3.opendns.be. 2560 IN A 158.251.4.149