To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
> > upx: rp5.exe: Exception: checksum error.
> >
> > Which is obviously why Norman sandbox stated, for this particular binary..
> >
> > nepenthes-9291587b85191b06bbf80d4ea1fb142e-rp5.exe : Not detected by sandbox (Signature: NO_VIRUS).

This is a witlog trojan. He packs his files with a hacked packer that prints UPX style strings. (which is why most AV's aren't real quick on detecting it)

Server: 211.239.167.136
Port: 9768
Connect Info:
PASS y3-buy-witl0g
NICK [P00|USA|12345]
USER XP-8532 * 0 :MACHINE NAME
:irc.whatthe****.com 004 [P00|USA|12345]
:irc.whatthe****.com 005 [P00|USA|12345]
:irc.whatthe****.com 005 [P00|USA|12345]
:irc.whatthe****.com 422 [P00|USA|12345] :MOTD File is missing
:[P00|USA|12345] MODE [P00|USA|12345] :+iwRx
JOIN #w1tRv6 r3pw1tl0l

FWIW: He also has an (irc) SSL port open on port: 9678

--
Nicholas Albright
http://www.shadowserver.org
[EMAIL PROTECTED]
(rm -rf C\&C)
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
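Added example, not part of the original post and not Shadowserver's own tooling: a small Python parser that pulls the registration fields (PASS, NICK, USER, self-set modes, channel and key) out of a connect log like the one above, and turns the observed nick into a regex for matching other bots of the same family in network logs. The function names and the nick generalisation rule (digits and capital letters vary, punctuation stays fixed) are assumptions.

```python
import re
from itertools import groupby, zip_longest

# Client-side lines copied from the connect log in the post above.
SAMPLE_SESSION = """\
PASS y3-buy-witl0g
NICK [P00|USA|12345]
USER XP-8532 * 0 :MACHINE NAME
:[P00|USA|12345] MODE [P00|USA|12345] :+iwRx
JOIN #w1tRv6 r3pw1tl0l
"""

def parse_registration(session):
    """Collect what a bot reveals while registering with its C&C server."""
    info = {"pass": None, "nick": None, "user": None, "modes": None, "joins": []}
    for line in filter(None, map(str.strip, session.splitlines())):
        prefix = None
        if line.startswith(":"):                    # ":<source> COMMAND ..."
            prefix, _, line = line[1:].partition(" ")
        head, sep, trailing = line.partition(" :")  # " :" starts the last parameter
        words = head.split()
        if not words:
            continue
        cmd, args = words[0].upper(), words[1:] + ([trailing] if sep else [])
        if cmd == "PASS" and args:
            info["pass"] = args[0]
        elif cmd == "NICK" and args:
            info["nick"] = args[0]
        elif cmd == "USER" and args:
            info["user"] = args[0]
        elif cmd == "MODE" and len(args) > 1 and prefix == info["nick"]:
            info["modes"] = args[1]                 # modes the bot set on itself
        elif cmd == "JOIN" and args and prefix is None:
            keys = args[1].split(",") if len(args) > 1 else []
            info["joins"] += list(zip_longest(args[0].split(","), keys))
    return info                                     # server numerics are ignored

def nick_template(nick):
    """Generalise one observed nick into a regex (heuristic, an assumption)."""
    def token(ch):
        if ch.isascii() and ch.isdigit():
            return r"\d"
        if ch.isascii() and ch.isupper():
            return "[A-Z]"
        return re.escape(ch)
    runs = ((tok, len(list(grp))) for tok, grp in groupby(map(token, nick)))
    return "".join(tok if n == 1 else f"{tok}{{{n}}}" for tok, n in runs)

if __name__ == "__main__":
    found = parse_registration(SAMPLE_SESSION)
    print(found)
    print(nick_template(found["nick"]))
```

A template built from a single sample will over- or under-match; tighten it as more nicks from the same channel are observed.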
