| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: sgmasood at yahoo.com (S G Masood) Subject: AMDPatchB & InstallStub I had the "honour" :) of chatting with the IRC Ops on this server just now. They accepted that it is a botnet. When told their address was on FD, they panicked and are now killing all new connections. This might be useful: 8<------------ Welcome to the Internet Relay Network via The World Wide NEWiSO, aaaa Your host is Drones2.newiso.org, running version u2.10.11.04 This server was created Thu Aug 21 2003 at 22:05:31 EST Drones2.newiso.org u2.10.11.04 dioswkgx biklmnopstvr bklov 8<------------- I would've been fun if the original poster had attached a sample of amdpatchb.exe. -- Cheers, S.G.Masood Hyderabad, India. -- --- Michael Linke <ml@...ract.org> wrote: > At one of our Computers with Internet Access, I > found a strange program > running. > amdpatchB.exe(38 KB) > > This program is trying to get Internet Access while > starting. > amdpatchB.exe is connecting 63.246.134.50:9900. > There is a text based protocol running on > 63.246.134.50 at a service on port > 9900. > See Telnet output: > ________________________________________________________ > telnet 63.246.134.50 9900 > Trying 63.246.134.50... > Connected to 63.246.134.50. > Escape character is '^]'. > NOTICE AUTH :*** Looking up your hostname > NOTICE AUTH :*** Checking Ident > NOTICE AUTH :*** Found your hostname > help > :Drones2.newiso.org 451 * :Register first. > _________________________________________________________ > > I used Google to look for this filename but got no > result. > Any ideas what this is? > > Regards, > Michael > _____________________ > > -----Ursprüngliche Nachricht----- > Von: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] Im > Auftrag von Richard > Johnson > Gesendet: Mittwoch, 17. September 2003 17:48 > An: full-disclosure@...ts.netsys.com > Betreff: [Full-Disclosure] Re: openssh remote > exploit > > In article > <20030917132443.GA17620@....LONESTAR.ORG>, > petard <petard@....lonestar.org> wrote: > > > An exploit would certainly constitute such > evidence. Have you seen > > anything that indicates this bug is exploitable? > > > I'm beginning to suspect that compromises attributed > to this bug on > Linux hosts were coincidental. They could have > happened via exploits > of other problems. That's because no-one has any > forensics data or > logs that indicate this particular bug as an attack > route. > > However, the chance is not worth taking in practice, > so upgrade time it > is. > > > Richard > > -- > My mailbox. My property. My personal space. My > rules. Deal with it. > > http://www.river.com/users/share/cluetrain/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Powered by blists - more mailing lists