To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On 21/03/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > I found a web calendar overflow that pulled this URL: > > http://www.datatrade.com/downloads/.../cmd.gif
I reckon it was this: http://isc.sans.org/diary.php?storyid=1030 http://www.philippinehoneynet.org/dataarchive.php?date=2006-01-20 http://www.philippinehoneynet.org/charts_2006-01-20/defacingtool.txt I've seen a couple of binaries dropped using this tool in combination with PHP remote include vulnerabilities. cmd.gif is included by the other PHP file, and is used itself to download the actual payload. Or that's my interpretation anyway. cheers, Jamie _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
