[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Jake Anderson yahoo at vapourforge.com
Wed May 29 11:43:29 EST 2013


telnet someserver.tpg.com
ping tpgdns.tpg.com -f -l 1000 -p 436865636b204175736e6f67 -s 1450

MUWHAHAHAHAH!
They may be a little less receptive to the idea of you being white hat 
however ;->

(for the lazy hex 43:68:65:63:6b:20:41:75:73:6e:6f:67 = "Check Ausnog" 
in the ascii realm)

On 29/05/13 11:05, Parth Shukla wrote:
>
> Hey all,
>
> I am still looking for contacts for: TPG, Optus and iiNet!
>
> Someone did kindly forward my email to iiNet security team so I'll 
> wait a day or two more to hear from them still...
>
> Anyone? Anything?!
>
> Cheers,
>
> Parth
>
> *Parth Shukla*|**Information Security Analyst
>
> AusCERT | Australia's premier computer emergency response team
>
> The University of Queensland | Brisbane QLD 4072 | Australia
>
> t: (07) 334 64537 |e: pparth at auscert.org.au 
> <mailto:pparth at auscert.org.au>w: www.auscert.org.au 
> <http://www.auscert.org.au/>
>
> Save a tree. Don't print this e-mail unless it's really necessary
>
> *From:*Parth Shukla [mailto:pparth at auscert.org.au]
> *Sent:* Tuesday, 28 May 2013 12:39 PM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: Analysis of the Carna Botnet (Internet Census 2012)
>
> Hi All,
>
> I'm hoping most of you have had a chance to at least have a quick look 
> at my presentation by now.
>
> I'm now after technical contacts for three of the four most prominent 
> Telco's that are present in the Australian data (slide 44 of my 
> presentation). I am hoping to work with someone fairly technical in 
> helping deal with the problem of vulnerable devices through default 
> logins on telnet on their infrastructure.
>
> I'm after (generic and/or non-generic) technical and security focused 
> contact details for:*TPG, Optus and iiNet*.
>
> The IP ranges for these three and Telstra represent 75% of compromised 
> devices in Australia. I already have generic email for Telstra which 
> I'll use but if someone here form Telstra wants to contact me directly 
> please feel free.
>
> Could someone from these three please contact me off-list? If someone 
> has good contacts in any of them, could you either a) forward my email 
> to them asking them to contact me or b) email me their contact details 
> off-list?
>
> I will be providing them with the part of the data that is relevant to 
> their network.
>
> Cheers,
>
> Parth
>
> *Parth Shukla*|**Information Security Analyst
>
> AusCERT | Australia's premier computer emergency response team
>
> The University of Queensland | Brisbane QLD 4072 | Australia
>
> t: (07) 334 64537 |e: pparth at auscert.org.au 
> <mailto:pparth at auscert.org.au>w: www.auscert.org.au 
> <http://www.auscert.org.au/>
>
> Save a tree. Don't print this e-mail unless it's really necessary
>
> *From:*Parth Shukla [mailto:pparth at auscert.org.au]
> *Sent:* Friday, 24 May 2013 7:45 PM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Analysis of the Carna Botnet (Internet Census 2012)
>
> Dear All,
>
> I have made my presentation on the Carna Botnet freely available for 
> view and/or download: http://bit.ly/auscertcarna
>
> This presentation is on the Compromised Devices of the Carna Botnet 
> (also known as Internet Census 2012). This analysis is done from data 
> obtained directly from the researcher. The data used is NOT publicly 
> available for download.
>
> This was recently presented at the AusCERT Conference 2013. Info: 
> http://conference.auscert.org.au/conf2013/speaker_Parth_Shukla.html
>
> This presentation is freely available for viewing and downloading as I 
> wish to spread awareness of the issues raised as a result of the Carna 
> Botnet.
>
> I am sending this email as I suspect many of you will find the 
> contents of this presentation interesting. Apologies to those who are 
> subscribed to multiple mailing lists and are receiving this email 
> multiple times as a result. Please forward this onto any mailing list 
> or any individual who you think may appreciate the contents of the 
> presentation.
>
> Regards,
>
> Parth
>
> *Parth Shukla*|**Information Security Analyst
>
> AusCERT | Australia's premier computer emergency response team
>
> The University of Queensland | Brisbane QLD 4072 | Australia
>
> t: (07) 334 64537 |e: pparth at auscert.org.au 
> <mailto:pparth at auscert.org.au>w: www.auscert.org.au 
> <http://www.auscert.org.au/>
>
> Save a tree. Don't print this e-mail unless it's really necessary
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130529/91e48768/attachment.html>


More information about the AusNOG mailing list