To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
http://www.planetnana.co.il/rez0r12345/bandook.exe is still active as of this email. It's configured to connect to port 8080 on sucked.no-ip.org, which resolves to 89.138.149.175 (89-138-149-175.bb.netvision.net.il).
This guy isn't a fan of Israeli or American politics, judging from the scripts distributed with the Bandook 1.35 package (released Jan 2007). Config data in the executable (above), as well as the scripts in the original Bandook package, are obfuscated with XOR against 0xe9.

--
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
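
The single-byte XOR with 0xe9 mentioned in the post above can be undone during static analysis with a key-aware strings pass. This is an added example, not part of the original post and not code from the Bandook package. The sample blob and the host name in it are constructed placeholders, and it assumes the config values sit as contiguous ASCII strings once decoded.

```python
import re

XOR_KEY = 0xE9   # key stated in the post
MIN_LEN = 4      # shortest run worth reporting (assumption; long enough for a port)

def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with a single-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)

def xor_strings(blob: bytes, key: int = XOR_KEY, min_len: int = MIN_LEN):
    """Return (offset, text) for each run that is printable ASCII after XOR.

    Cleartext and zero padding in the file turn into high bytes under 0xe9,
    so they drop out and only the obfuscated regions are reported.
    """
    decoded = xor_bytes(blob, key)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(decoded)]

HOST_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)

def network_indicators(strings):
    """Sort decoded strings into candidate host names and TCP ports."""
    found = {"hosts": [], "ports": []}
    for _, text in strings:
        if text.isdigit() and 0 < int(text) <= 65535:
            found["ports"].append(int(text))
        elif HOST_RE.match(text):
            found["hosts"].append(text)
    return found

# Constructed sample: a fake PE stub in cleartext followed by an obfuscated
# host and port. "c2.example.test" is a placeholder, not a value from the post.
SAMPLE = (
    b"MZ\x90\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 8
    + xor_bytes(b"c2.example.test") + b"\x00"
    + xor_bytes(b"8080") + b"\x00"
    + b"\xff\xfe\x00\x01"
)

if __name__ == "__main__":
    hits = xor_strings(SAMPLE)
    for offset, text in hits:
        print(f"0x{offset:04x}  {text}")
    print(network_indicators(hits))
```

Candidates from a real sample still need manual review, since arbitrary bytes can decode to printable runs by chance.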
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets