Re: [botnets] re MAC trojan
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
Gadi Evron wrote:

On Thu, 1 Nov 2007, Gary Flynn wrote:

This is nothing more than simple downloadable malware exacerbated somewhat by permissive configuration settings. It exploits no security defects. As I understand it, the operator is given multiple opportunities to refuse the program:

Yes, but it's who uses it and how that matters.

Relax. MAC users are not as stupid as MS users...

http://www.jmu.edu/computing/security/#macmalware

(I'm only subscribed to the archive so I apologize if this has been already pointed out or already proven incorrect today)

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

___
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
[botnets] Spam botnet discovered
Hi again! Hope you're doing well ;)

Today I would like to point your attention to some spam-net, which I believe has been run by some russian kaker. First of all, below is a list of his bots (I'm sure it's not all!):
Re: [botnets] Spam botnet discovered
Hi Gadi,

I don't have time for all those obfu/deobfu games, take it as-is ;)

Thanks,
Dan

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

Hi again! Hope you're doing well ;)

Thanks again for posting. :) When obfuscating links, www should be made into w ww.
Re: [botnets] Spam botnet discovered
The strange thing is that only you are complaining about such behaviour ;)

Anyway, these links are safe, as these bots are spreading only through FTP (yes, stolen ftp accounts).

Have fun,
Dan

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

Hi Gadi, I don't have time for all those obfu/deobfu games, take it as-is ;)

I quite understand, but as much as I regret having to say it, take your very valuable information somewhere else. :)

Let me explain my position: These links get indexed, and at that point more web servers become compromised. I'd go as far as saying people can now seed your log so that you infect them when you report it and people follow links. Ethics and secure sharing are a bitch, but we have to live with them. I hope you understand.

Thanks,
Dan

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

Hi again! Hope you're doing well ;)

Thanks again for posting. :) When obfuscating links, www should be made into w ww.
Re: [botnets] Spam botnet discovered
Is it your list? You are the moderator?

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

The strange thing is that only you are complaining about such behaviour ;)

I am not complaining, I am dictating. Thanks again.

Anyway, these links are safe, as these bots are spreading only through FTP (yes, stolen ftp accounts).

Have fun,
Dan

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

Hi Gadi, I don't have time for all those obfu/deobfu games, take it as-is ;)

I quite understand, but as much as I regret having to say it, take your very valuable information somewhere else. :)

Let me explain my position: These links get indexed, and at that point more web servers become compromised. I'd go as far as saying people can now seed your log so that you infect them when you report it and people follow links. Ethics and secure sharing are a bitch, but we have to live with them. I hope you understand.

Thanks,
Dan

Gadi Evron wrote:

On Mon, 5 Nov 2007, Interspace System Department wrote:

Hi again! Hope you're doing well ;)

Thanks again for posting. :) When obfuscating links, www should be made into w ww.
[botnets] .br botnet found
Hi,

Just found a couple of .br botnets. Here are links to their bots:

http ://www.pucorp.t5.com.br! /pbot.txt
http ://br.geocities.com! /godowns666/ritinha.txt
http ://br.geocities.com! /godowns666/safe.txt

Have fun in your findings!!!

PS: the first one has 312 bots on his chan!

Thanks,
Dan
[botnets] Infected by bots
Hi!

This weekend I've been monitoring some IRC server with a lot of bots. Here is a list of compromised hosts. All have PHP-inclusion related holes :(

PS: Full entries available too, but not going to be published.

PPS: To these hosts' admins - please check /dev/shm/.kde, you have nice mech-bot there ;)))

Best Regards,
Dan
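
Added example, not part of the original post: one way an administrator could run the check suggested above, listing hidden directories under /dev/shm that contain executable files. The function name find_hidden_exec_dirs is hypothetical, and the script assumes a find that supports -mindepth (GNU or BSD).

```shell
#!/bin/sh
# Added example (not from the original post): report hidden directories under
# a tmpfs mount that hold at least one file with the owner-execute bit set.
# find_hidden_exec_dirs is a hypothetical helper name, not a standard tool.
find_hidden_exec_dirs() {
    root="${1:-/dev/shm}"
    # -mindepth 1 keeps the scan root itself out of the results.
    find "$root" -mindepth 1 -type d -name '.*' 2>/dev/null |
    while IFS= read -r dir; do
        # -perm -0100: a regular file somewhere below this directory has the
        # owner-execute bit set.
        hit=$(find "$dir" -type f -perm -0100 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Default target is /dev/shm; pass another directory as the first argument.
find_hidden_exec_dirs "${1:-/dev/shm}"
```

An empty result only means no dot-directory under the scanned path holds an executable file; a hit is a lead to inspect, not proof of compromise.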
Re: [botnets] Infected by bots
Hi Philipp!

No, I did not notify these admins. I really don't have time for this... :( Sorry.

Thanks,
Dan

Philipp Bescht wrote:

On Sun, 09 Mar 2008 14:04:12 +0200 Interspace System Department [EMAIL PROTECTED] wrote:

Hi!

This weekend I've been monitoring some IRC server with a lot of bots. Here is a list of compromised hosts. All have PHP-inclusion related holes :(

PS: Full entries available too, but not going to be published.

PPS: To these hosts' admins - please check /dev/shm/.kde, you have nice mech-bot there ;)))

Best Regards,
Dan

Hi Dan,

did you notify the admins already? I don't think they will read this list, and at least meisterpokale24.de is an online shop, which makes it really important to get rid of the malware. Anyway, thanks for the info!

Regards,
Philipp Bescht