Freitag, 24. Juli 2015

Telnet hit with code execution attempt - 118.45.65.144

BEGIN OF TELNET DATA:
2015-07-24 05:33:40
Source IP: 118.45.65.144
Country: KR RiskScore: 1 Malware: []
rm /var/run/.zollard/*^Mrm -rf /var/run/.zollard^M/\-/yjTk\0AHf;/\-/0AHf\Yd9Z;cat /proc/mounts;/\-/Yd9Z\pgWD^M
User: admin
Pass: admin

 END OF DATA
According to some research

https://www.symantec.com/security_response/writeup.jsp?docid=2013-112710-1612-99&tabid=2

 the file is related to a WORM.