Oct 24 2014
 

I've received several reports of what appear to be Shellshock exploit attempts via SMTP. The sources so far have all been webhosting providers, so I'm assuming these are compromised systems.

The payload is an IRC Perl bot with simple DDoS commands and the ability to fetch and execute further code.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Oct 24 2014
 

I wanted to perform a little unscientific information gathering. I'm working with a small group who think they're being specifically targeted by these, while I think it's more widespread and opportunistic. If you've recently received these no-content probe emails, or a simple "Hi" message, please send a simple comment below in this format:

  • Industry
  • Order of magnitude in size (e.g. 10, 100, 1000)
  • Sending domain

Feel free to use our comment page to add extra analysis comments here: https://isc.sans.edu/contact.html
