To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
J. Oquendo napsal(a):
> Alright, its Monday, thought some may need a laugh:
>
> mta242.xxxxxxx.net [10/Dec/2007:07:13:11 -0600] "GET
> /(Yvax:%20uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf)uggc:/jjj.tbbtyr-nanylgvpf.pbz/hepuva.wf
> HTTP/1.1" "-"
>
> Is rot13 bleeding edge. By the way this message has been encrypted with
> rot13 twice. Contact me for the key.
twice ? it works just once for me to get
http:/www.google-analytics.com/urchin.js
and i really wonder why would someone do such a thing and how ;) .. only
answer in my mind is to circumvert some IDS and parse it with
mod_rewrite+external script on the server side to make it even work ...
but it's just guess ... ... ...
... or i completely missed the point ;(
bodik
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
