Date: Sat, 5 Jun 2010 16:38:42 +0300
From: zeus penguin <zeuspenguin@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: IceMan`s a.k.a romanian skiddie e107 botnet

http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html <= e107 recent vuln

94.249.152.10 - - [05/Jun/2010:14:10:39 +0100] "POST /contact.php HTTP/1.1" 200 18708 "-" "Mozilla/5.0" <= my apache logs

http://188.24.49.67/ <= his home ip
inetnum:        188.24.0.0 - 188.27.255.255
netname:        RO-RDS-20070529
org:            ORG-RA18-RIPE
descr:          RCS & RDS SA
country:        RO

http://boo.ai/ <= "hacked"

http://www.ex-pat.es/support/81.txt <= perl bot
http://boo.ai/80.txt <= perl bot

94.52.243.30 9999 <= ircd for the botnet
channel #mail
inetnum:        94.52.0.0 - 94.52.255.255
netname:        RO-NEWCOM
descr:          New Com Telecomunicatii SA
country:        RO

iceman.ro has address 89.40.88.78
inetnum:        89.40.88.0 - 89.40.92.255
netname:        SC-T-and-C-CIBERNET-SRL
descr:          SC T&C Cibernet SRL
descr:          Str. Rovine Nr10/1 Cluj
descr:          Cluj-Napoca Romania
country:        ro

log from his ircd ddosing machines =>
14:16 < I> !say @udpflood 94.125.182.255 65000 600
14:26 < mail|449501> [UDP] Sent 6274086 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|991894> [UDP] Sent 6907075 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|292398> [UDP] Sent 39424531 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|65639> [UDP] Sent 7033710 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|899909> [UDP] Sent 0 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|447538> [UDP] Sent 7037773 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|761936> [UDP] Sent 7037265 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|976034> [UDP] Sent 6770219 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|704496> [UDP] Sent 21841650 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|536563> [UDP] Sent 6882192 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|132250> [UDP] Sent 5967177 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|220578> [UDP] Sent 6017451 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|190075> [UDP] Sent 6730292 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|4095> [UDP] Sent 6984580 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|858829> [UDP] Sent 7034028 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|677442> [UDP] Sent 1689238 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|382121> [UDP] Sent 7031743 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|926467> [UDP] Sent 7010415 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|509647> [UDP] Sent 6738608 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|500562> [UDP] Sent 6998544 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|408896> [UDP] Sent 21333393 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|989366> [UDP] Sent 0 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|834190> [UDP] Sent 17308154 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|216130> [UDP] Sent 33421489 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|51365> [UDP] Sent 7017524 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|68688> [UDP] Sent 47775634 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|631624> [UDP] Sent 1712089 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|126366> [UDP] Sent 7020761 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|194620> [UDP] Sent 5582636 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|23755> [UDP] Sent 101010063 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|827991> [UDP] Sent 6555859 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|472636> [UDP] Sent 5353613 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|582149> [UDP] Sent 12920209 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|289213> [UDP] Sent 63781250 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|315842> [UDP] Sent 6890126 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|606340> [UDP] Sent 3561733 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|401405> [UDP] Sent 39965161 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|542235> [UDP] Sent 0 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|555055> [UDP] Sent 10664 Kb in 600 seconds to 94.125.182.255.
14:26 < mail|647209> [UDP] Sent 8175400 Kb in 600 seconds to 94.125.182.255.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
