lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Subject: Some suspicious files

sneaker

> possibly a beta version of a connect back trojan.
>
> seems to be able to use a website to transfer information between the
> attacker and the infected machine.
>

appredir-username=some_irc_guy
client version=sneaker_0.19
cmd-url=http://1337suxx0r.ath.cx:580/hack/sneaker/cmd.php=login-url=http://1337s
uxx0r.ath.cx:580/hack/sneaker/login.php
opfer-info=some_irc_guy
 /s7regkey={13371337-1337-1337-1337-133713371337}
<SubSeven Startup Method (requires Config Setting "s7regkey")

m.w

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux