Thursday, June 3, 2010

Flood bots and others

Today I found a bot running on a client's server system. The bot is designed mainly for flooding and, as it states in its name, is "Enjoy FloodBot based on OverKill". The problem on the server was a website that had an SQL injection point; from there the attackers were able to take control of the site and add files through the custom CMS. The content of the bot consists mainly of executables to perform flood attacks.

Link for research follows.

Flood Bot

1 comment:

  1. I had the same experience; I found the files in the /var/cache/mod_ssl/.m folder. I suspect some vulnerability in mod_ssl.