To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

Hello all.

This is my first post, so excuse me if I didn't follow some of the etiquette and please kindly show me the right direction ;)

Anyway, I just wanted to say that this one is from our neck of the woods (i.e. Romania), since the IP given is from Bucharest, the capital of Romania. Also, a quick lookup (http://www.dnsstuff.com/tools/whois.ch?ip=89.123.217.233) reveals that the IP belongs to the Romanian Telecom provider RomTelecom. However, the kid may be localized anywhere in the country, since RomTelecom uses the exit point in Bucharest for all of their ADSL lines. Also, all of the text in the binaries which isn't in English is in Romanian.

Some more hints: The binaries contain references to the Undernet channel #Linux-Team, which is invite only as of this moment. Other people mentioned by nickname are: MiKuTuL (this means "the small one" in Romanian, although it is not written correctly), Serano, Cortez, Arni neam, Gluu, BadBoys. The text also contains references to "unguri satmareni", which means "the Hungarians from Satu-Mare", Satu Mare being a county of Romania (http://www.satu-mare.ro/). If you search for "unguri satmareni", you will get two other complaints of servers being hacked.

Hope this was helpful.

Best regards.

--
Attila-Mihaly BALAZS
Virus Researcher
BitDefender
------------------------------
Email: [EMAIL PROTECTED]
Phone: +40 264 443 008
------------------------------
www.bitdefender.com

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets