Re: [botnets] philka

Sat, 15 Dec 2007 09:45:44 -0800 

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hello!

I replied to the list 2 times about this case, but for some strange reason
my answer does not appear on the list.

Please see below:

After a quick investigation this appears to be quite funny case - all those
people run
same pirated windows xp distribution form www.philka.ru warez thashcan.
Perhaps the
hostname is pre-defined at the installation time. So, this is a false alarm
(about "philka").

Of course, many of these broadband users are infected with various malwares,
but this is
another story.

--
Konstatin


On Dec 15, 2007 5:22 PM, Randy Mueller <[EMAIL PROTECTED]> wrote:

> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 14 Dec 2007 16:14:54 +0200
> From: "Konstantin Barinov" <[EMAIL PROTECTED]>
> Subject: [botnets] philka
> To: botnets@whitestar.linuxbox.org
> Message-ID:
>        <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello colleagues
>
> Our admins made an interesting discovery today. We have hundreds of client
> PC's with same hostname
> "philka". Below a little block from dhcpd log file. Did you see something
> like this? I doubt all those people
> changed computer names in Windows manually.
>
> --
> Konstantin Barinov
>
>
>
> Dec 14 00:07:56 victor dhcpd: DHCPREQUEST for 172.16.47.25 from
> 00:19:66:17:0d:da (philka) via vlan15
> Dec 14 00:07:56 victor dhcpd: DHCPACK on 172.16.47.25 to 00:19:66:17:0d:da
> (philka) via vlan15
> **************************************
>
> Very interesting. Please keep us posted on this. Same name usually is
> denied
> access on the same network. This some crazy shit.
>
> RM
>
>
>
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law
> enforcement upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>



-- 
--
Konstantin Barinov

_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to