[Chugalug] d at mn scammers/hackers
cluon at geeklabs.com
Thu Oct 18 02:52:25 UTC 2012
On Wed, 17 Oct 2012, K I Goldman wrote:
> I may have just been helping a friend look into this hack. Do you see hits like:
> After it created these files
You nailed it exactly. And got deeper than I did.
Yeah, same hack, and best I can tell also,
limited to apache user and this exploit/target.
Unsure of the purpose of other code,
I have other issues to resolve tonight (but not related to this)
Yours was on a .org also? Interesting. Both that I had were also .orgs.
I wonder if that is the targeted low hanging fruit of this campaign.
More information about the Chugalug