[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] What is ZmEu?

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] What is ZmEu?
From: Gordon Henderson <gordon+dcglug@xxxxxxxxxx>
Date: Sat, 22 Jan 2011 11:07:41 +0000 (GMT)
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Distribution: world

On Sat, 22 Jan 2011, Gordon Henderson wrote:

There appears to be many different hosts that have been compromosed to runthis code - a very quick check on just one site:
 $ fgrep ZmEu access_log | cut -d\  -f 1-1 | sort -rn | uniq | wc -l
 95

Just out of curiosity, I ran it on the log-files on a server that hostsabout 250 websites and stores 3 months of log-files:


  # fgrep ZmEu */logs/oldLogs/access_log* | cut -d\  -f 1-1 | sort -rn | uniq | wc -l
  1688

All those PCs that have been compromised to run hacking attacks... and Iknow that's just the tip of the iceberg...


Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] What is ZmEu?
  - From: Dava
- Re: [LUG] What is ZmEu?
  - From: Dan Dart
- Re: [LUG] What is ZmEu?
  - From: Gordon Henderson
- Re: [LUG] What is ZmEu?
  - From: Dava
- Re: [LUG] What is ZmEu?
  - From: Gordon Henderson

Prev by Date: Re: [LUG] Security and SSH
Next by Date: Re: [LUG] Security and SSH
Previous by thread: Re: [LUG] What is ZmEu?
Next by thread: Re: [LUG] What is ZmEu?
Index(es):
- Date
- Thread