On Thu, 23 Aug 2001, Jim Mercer wrote:
i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
in any case, i found a file in the cracker's directory containing what i think is a list of other servers which might be hacked. i think the list also includes the passwords for using the trojan.
on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
i was gonna just post the list of hosts here, but then, maybe not.
what is the appropriate feeling?
Suggest you first notify CERT. If the list is manageable in size, perhaps you may also want to write to the sysadmins/network owners whose boxen were compromised. Publishing such list in the open may not be such a hot idea, for obvious reasons... --Mitch NetSide