Thread: FEATURED SSHD Rootkit Rolling around
  #978  
02-20-2013, 06:58 PM
ramnet
Virtually Flawless ;)
 
Join Date: Apr 2009
Location: USA / UK
Posts: 4,537
Quote:
Originally Posted by Olly-ellogroup
I am 100% with Steve on his theory of local machine hacking.

I am as well.

nenolod and Steven actually have a copy of the rootkit keylogger that has caused this. It affects workstations and sends out keystrokes in DNS packets out port 53.

He used this infected workstation system to log in to a honeypot, and a few hours later that honeypot was hit.

IPs all match the suspect IPs here.

If you have a server affected by this, your workstation has been compromised.

__________________
RAM Host -- Premium & Budget Linux Hosting From The USA & EU
█ Featuring Powerful cPanel CloudLinux Shared Hosting
█ & Cheap Premium Virtual Dedicated Servers
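
Added example, not part of the original post or the thread's own tooling: a triage pass over outbound port 53 traffic captured from a workstation, for the behaviour described above (keystrokes leaving in DNS packets). The post does not say how the keystrokes are encoded, so the checks are assumptions: a destination outside the approved resolvers, a payload that does not parse as a DNS query, and a long high-entropy first label. All names, thresholds and addresses are constructed.

```python
import math
import struct
from collections import Counter

def build_query(name):  # helper used only to construct the sample data
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the first question name; raise ValueError if this is not a DNS query."""
    if len(payload) < 12:
        raise ValueError("shorter than DNS header")
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set (a response) or unusual question count
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    raise ValueError("truncated name")

def entropy(s):  # Shannon entropy in bits per character
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def triage(flows, resolvers, max_label=30, max_entropy=3.5):
    """flows: (dst_ip, udp_payload) pairs seen leaving a workstation to port 53."""
    findings = []
    for dst, payload in flows:
        reasons = [] if dst in resolvers else ["destination is not an approved resolver"]
        try:
            first = parse_qname(payload).split(".")[0]
            if len(first) > max_label and entropy(first) > max_entropy:
                reasons.append("long high-entropy label")
        except ValueError as exc:
            reasons.append(f"not valid DNS: {exc}")
        if reasons:
            findings.append((dst, reasons))
    return findings

# Constructed sample traffic (documentation address ranges, not from the thread).
RESOLVERS = {"192.0.2.53"}
SAMPLE_FLOWS = [("192.0.2.53", build_query("www.example.com")),
                ("203.0.113.7", build_query("0123456789abcdef0123456789abcdef.example.net")),
                ("203.0.113.7", b"abc123\n")]
print(triage(SAMPLE_FLOWS, RESOLVERS))
```

Names that use DNS compression pointers are reported as "bad label length" here, which is acceptable for triage because queries from a stub resolver normally carry an uncompressed question name.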