lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: (no subject)

The chances are extremely good that the IP you're seeing is JAHB (just
another hacked box.)

Paul Schmehl (pauls@...allas.edu)
Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Francisco Guerreiro
> Sent: Thursday, October 03, 2002 7:59 AM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] (no subject)
> 
> 
> hi folks..
> I was meddling in a friend's box when I came across a weird 
> file in /tmp with apache perms. I thought it was a exploit to 
> obtain root since the machine was vuln to the openssl 
> problem, but it turned out to be something else. attached I 
> send the stuff I found, it's quite self explanatory. I've 
> looked at it for a few minutes, it's the slaper code, with 
> some comments and a shell script that ghaters info about the 
> box and send's it to an email account at yahoo.com . The ip 
> that is written on the worm resolves to an adsl acount on 
> some ISP, i guess it is somekind of target since it would be 
> quite stupid to put your home ip on a worm.

Powered by blists - more mailing lists