, you suck

My webserver got a strange looking request earlier. In fact, it got two identical ones within 10 minutes of each other. One came from America, one came from Moldova, but upon further inspection, both are running web servers, and the user agent in both is ‘libwww-perl/5.805’, so they likely fell prey to the same attack and are now being used to propagate it to other sites. Turns out it was trying to perform a remote include exploit, so naturally, I had a look at exactly what it was trying to include. It tries to pull in a PHP script which implements a file upload and shell interface (via system()), which, if successful, would give an attacker a fair amount of control over the server. Upon successfully including itself, it would email somebody a little message with the server details. The author was a little sensitive about this and he hid that code behind a base64 string and eval()ed it. The email address was hidden inside that as yet another base64 string (as if I’m going to decode the first one then suddenly forget how to do it?), and it was:

If you Google it, it belongs to an Indonesian called Bambang Ariyanto, or BaMbY. Bamby’s not really the kind of smooth operator you’d expect such a leet haxor to be. You’d expect him to be using a throwaway email address and he’d connect to it a couple of times a week through Tor or something. If he’s sensitive enough to double-base64 encode identity information, you’d think he’d be keeping a low profile. Not so. Instead, he’s using what appears to be his personal email that he has registered elsewhere. He’s got social networking profiles and photos all over the place. About 10 minutes after I saw my server logs, I’d found his full name, location and several photos of him. In fact, you could say he’s a bit of an eejit.

I know what you’re thinking; maybe he just had his email hacked, and it’s not really him? It seems pretty unlikely. On his blog, he has talked about free software and ReactOS [if you use Chrome it’ll translate it for you]. On his Multiply he has a link to, a site listing recent security vulnerabilities in software. We also have a posting here by someone called BaBmY, linking to a geocities (yahoo) account called ‘bamby002a’ (check the email address), in which he’s sharing an extraordinarily inefficient md5 brute forcer written in Perl, even though you could put together a much faster implementation in C in fewer lines.

Here’s his website:

there’s nothing there, but feel free to click it so he sees this in the referrer.

Bamby Ariyanto: you sir, are an idiot.
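
A defender's view of the log pattern described in this post, as an added example that is not the author's code: it flags requests whose query parameter decodes to a remote URL and groups identical requests that arrive from several hosts within a short window. The log lines, IP addresses, hostnames, parameter names and the 15-minute window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl

# Constructed sample in Apache "combined" format (documentation IPs, example hosts).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2010:09:02:11 +0000] "GET /index.php?page=http://files.example.net/id.txt HTTP/1.1" 404 512 "-" "libwww-perl/5.805"
198.51.100.7 - - [01/Jan/2010:09:10:43 +0000] "GET /index.php?page=http://files.example.net/id.txt HTTP/1.1" 404 512 "-" "libwww-perl/5.805"
203.0.113.5 - - [01/Jan/2010:09:11:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2010:09:12:30 +0000] "GET /go.php?url=%68ttp://example.org/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
REMOTE = re.compile(r"\s*(?:https?|ftps?)://", re.I)
SCRIPTED_UA = re.compile(r"libwww-perl", re.I)  # the agent seen in the post; extend as needed

def remote_params(target):
    """Return query parameters whose URL-decoded value is itself a remote URL."""
    query = target.partition("?")[2]
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if REMOTE.match(v)]

def find_rfi_probes(log_text, window=timedelta(minutes=15)):
    """Group suspicious requests by request target and summarise who sent them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and remote_params(m.group(3)):
            ip, ts, target, ua = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            hits[target].append((when, ip, ua))
    findings = []
    for target, events in hits.items():
        events.sort()
        ips = sorted({ip for _, ip, _ in events})
        findings.append({
            "target": target,
            "params": remote_params(target),
            "sources": ips,
            "scripted_ua": any(SCRIPTED_UA.search(ua) for _, _, ua in events),
            # The same request from several hosts inside the window suggests automation.
            "campaign": len(ips) > 1 and events[-1][0] - events[0][0] <= window,
        })
    return findings

if __name__ == "__main__":
    for finding in find_rfi_probes(SAMPLE_LOG):
        print(finding)
```

The last sample line is a browser following a redirect parameter: it matches the URL-valued-parameter rule but has neither the scripted agent nor multiple sources, which is why the two extra signals are reported separately.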

