To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Hey all, (hopefully many are still around) re-sending this as it was bounced before... Additional comments after original message:
// BEGIN >From [EMAIL PROTECTED] Sat Aug 9 14:24:35 2008 Date: Sat, 9 Aug 2008 14:24:35 -0500 From: "J. Oquendo" <[EMAIL PROTECTED]> To: botnets@whitestar.linuxbox.org Subject: New SQL Bot? Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii Starting yesterday I began seeing a few attempts at an XSS attack. Posting perhaps someone else knows something about it, or has been seeing it. Wouldn't be that much of a deal but I also see the same entries on a webserver on a completely different netblock... Apache entry is at: hxxp://SameDomainAsTheSendingEmail.com/NEWBOT // END FYI, I've been seeing daily about 200 attempts coming from all sorts of hosts so my suspicion is some form of 0-day was found and someone automated it. Haven't seen anything on the usual lists, so it could just be a new (unicode) spin, on an older attack. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) CEH/CNDA, CHFI "Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny." Thomas Jefferson wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets