To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Jeremy Linden wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > On Mon, 2006-03-06 at 16:43 -0500, Lindsey Chesnutt wrote: > >>I caught a bot with nepenthes this morning. Norman says that it connected to >>this address - "o2.zener.co.jp" on port 4997 (TCP). There are about 25 active >>bots in the channel #satan2, all with IP addresses encrypted. It is an rxbot. >>I noticed that they are sending commands via the topic field in the channel. >>Would it be possible for an organization to reroute their DNS entries to a >>local IRC server and issue something like a .remove command in the topic? > > > If you're going to do that, why not just lie around in the channel and > wait for the password when the botnet controller authenticates? Usually > you can do a .login and run the same commands you could run from the > topic. However, if you're going to do a .download or a .remove or > whatever, you're going into the sketchy legal ground of essentially > running remote code on someone else's computer, albeit for a benevolent > purpose.
She doesn't have to, we more than can use that kind of a report. _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
