lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTin-7Q7wesOHDgWx4YUp=FhvGZn+wQ@mail.gmail.com> Date: Tue, 26 Apr 2011 11:01:52 -0700 From: Seanybob <seanybob@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Warning - t00ls.org hidden callback in shells Just an update to the previous post on this topic. The attacker has been moving around his datafile containing the list of urls with shell scripts installed. His old one: http://xmors.byethost7.com/mynameisahmed..html has been shutdown. Did some investigating, and found some other places this guy has hidden his data he collected. This link is one he used before the first one I posted. It was working until a few days ago, when it looks like he shut it down. You may be able to find a cache somewhere. http://xmors.byethost7.com/mynameisahmed.a7a.html Here's his new live one. As you can see, the list is... quite long. http://97.79.238.155/~data/mero..html Obviously I can't tell you what to do with this info. I share this with the hopes that some kind soul(s) will take the time to notify the affected websites, or alternatively go through and delete the shell scripts. I've deleted a lot of them myself, but quite simply don't have the time to sit there and delete thousands of these shells one by one. (I considered writing a script, but lost interest rather fast). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists