To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
I caught a bot with nepenthes this morning. Norman says that it connected to this address - "o2.zener.co.jp" on port 4997 (TCP). There are about 25 active bots in the channel #satan2, all with IP addresses encrypted. It is an rxbot.
I noticed that they are sending commands via the topic field in the channel. Would it be possible for an organization to reroute their DNS entries to a local IRC server and issue something like a .remove command in the topic?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
