To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
This botnet is interesting to me because the owner knows something about the COX ISP's security system. COX has an ircd system in place to catch drones. The service they use is called Marvin.
The trojan came to us via a honeypot operating in the NZ area:

Report on cox-securitymarvin.exe -
********************************************
MD5: f766e46e42bf32d58ea28062f262249e
AntiVir: Worm/RBot.328262
Avast!: Win32:Trojano-3428 [Trj]
AVG: No Virus Found
BitDefender: Backdoor.RBot.0E463EAA
ClamAV: Exploit.DCOM.Gen
F-Prot: W32 Ircbot1.gen

SERVER: 205.209.156.33
PORT: 6667
NICK: Cox-Security-|-123456
USER CONNECT STRING: USER apbkay 0 0 :Cox-Security-|-123456
Bot Population: 63
Channel: ##cox##
Chan Key: rofl
Topic: .root.mass -s
Operator: opwirpwoeipweior

The bot was poorly spread, as it doesn't use any packing or obscuring techniques, it's quickly picked up by all the virus scanners and strings output will display useful information.

--
Nicholas Albright
Founder of Shadowserver.org
http://www.shadowserver.org
All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
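
A small triage of the kind of strings output the post mentions, as an added example that is not part of the original message: it extracts printable strings from a byte buffer and sorts them into IRC-related categories. The sample buffer is constructed from the values quoted in the report, and the category names and patterns are assumptions made for illustration.

```python
import re

# Constructed sample: a stand-in for an unpacked bot binary, built from the
# values quoted in the report with filler bytes around them.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"205.209.156.33\x00" + b"\x01\x02"
    + b"##cox##\x00rofl\x00"
    + b"USER apbkay 0 0 :Cox-Security-|-123456\x00"
    + b"\xff\xfe.root.mass -s\x00"
)

# Hypothetical categories; the patterns are illustrative, not exhaustive.
PATTERNS = {
    "ipv4": re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$"),
    "irc_channel": re.compile(r"^[#&]\S+$"),
    "irc_registration": re.compile(r"^(?:USER|NICK|PASS|JOIN) \S"),
    # Assumption: dot-prefixed strings such as the channel topic are commands.
    "dot_command": re.compile(r"^\.[a-z]+(?:\.[a-z]+)*(?: |$)"),
}


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII at least min_len long, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data):
    """Group extracted strings by the category whose pattern they match."""
    hits = {}
    for s in printable_strings(data):
        for label, pat in PATTERNS.items():
            if pat.search(s):
                hits.setdefault(label, []).append(s)
    return hits


if __name__ == "__main__":
    for label, values in triage(SAMPLE).items():
        for value in values:
            print(f"{label:18} {value}")
```

Strings that match no category, such as the channel key, still appear in the raw `printable_strings` output and need manual review.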