CapCap

#!/bin/bash


# Don't require you to constantly enter password for sudo:
sudo visudo
# In the bottom of the file, paste the following (without the `#`):
# paperspace ALL=(ALL) NOPASSWD: ALL
# Then press `ctl+o` then `enter` to save your changes, and `ctr+x` to exit nano

# Allow connection from your IP to any port- default seems to be just 22 (ssh)

CapCap

-- Made by the coding ninjas at Upgrade, LLC: www.upgradeyour.com
-- Are YOU ready for an Upgrade?

-- phpMyAdmin SQL Dump
-- Generation Time: Apr 10, 2012 at 06:05 PM
-- Server version: 5.5.20
-- PHP Version: 5.4.0

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

CapCap

/* Hello from upgradeyour.com (coming soon), 
I've done some security work in the past and figured this would be a fun and quick puzzle, I found the same hash as scott on http://50.116.17.63/stats/counter.php?id=547b373f97233059 and googling it led to his post :)

it tries to identify browser/os version, and possibly run a wmp exp
It also tries to visit http://50.116.17.63/stats/w.php?f=b6863&e=4 and http://50.116.17.63/stats/w.php?f=b6863&e=1 and download+exec, two different exes
It tries a pdf exploit ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 and also http://50.116.17.63/stats/content/ap2.php?f=b6863 and http://50.116.17.63/content/ap1.php ? f = b6863 ), and hcp exploit as well ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885 ), and some pdf exploit

This is all part of the blackhole exploit kit, and this botnet is seemingly Huge!