Re: *MAJOR SECURITY BREACH AT CCBILL**
From: Dayne Jordan (djordan@completeweb.net)Date: 12/19/01
- Previous message: Dayne Jordan: "*MAJOR SECURITY BREACH AT CCBILL**"
- Maybe in reply to: Dayne Jordan: "*MAJOR SECURITY BREACH AT CCBILL**"
- Next in thread: Dayne Jordan: "Re: *MAJOR SECURITY BREACH AT CCBILL**"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Dec 2001 15:14:40 -0500 From: Dayne Jordan <djordan@completeweb.net> To: incidents@securityfocus.com
**UPDATE**
Since we first broke this story, I have some further info...
It appears that the entire process of ssh'ing/telnet'ing to
the machine that they have userids/passwords for is an
automated process, perhaps scripted from several sources.
The automated script has been preloaded with a vast list
of username/passwords and server addresses and it systematically
goes thru the list and ftp's the eggdrop and TCL tar files
to the users directory. It then attempts to un tar and configure
both programs, if it's successful, then it starts the eggdrop
program and put it onto the IRC channel at EFNet. IF it's
unsuccessful then someone(human) visits the machine via ssh/telnet
and compiles the failed eggdrop or TCL programs manually and
launches the eggdrop.
We've seen evidence of this on 2 other machines.
D.
========
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Dayne Jordan: "*MAJOR SECURITY BREACH AT CCBILL**"
- Maybe in reply to: Dayne Jordan: "*MAJOR SECURITY BREACH AT CCBILL**"
- Next in thread: Dayne Jordan: "Re: *MAJOR SECURITY BREACH AT CCBILL**"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
