To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
> smart.exe extracts the following files to c:\Windows\tok (scanned with
> AntiVir)

It should be noted that the smart.exe you grabbed from darkblueroom is a RarSFX package. This can be unpacked with standard 'unrar', for those of you not wishing to run it.

> mc-110-12-0000336.exe (DR/Dldr.NSIS.Agent.P.1)
> smart.exe (?)
> yaz.exe (TR/LowZones.CR.2)
> zan.exe (TR/LowZones.CR.3)
> run.bat
>
> I don't know yet what the unpacked smart.exe does.

This one contains the following interesting strings:

E.C.S. International1'0% Secure Application Development1 E.C.S. International0 +#o; www.ecsinternational.info0> HClick here to agree this download... (http://dollarrevenue.com/eula.asp?id=1950

I'd say it likely installs spyware on the compromised machine in order to make the bot herder money.

>
> nick..

-- 
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
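
The two static checks described in the message above (recognising a RAR self-extractor without running it, and pulling URL-like strings out of a binary), as an added example that is not part of the original post. The function names are hypothetical and both byte samples are constructed for illustration.

```python
import re

RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5-4.x marker block
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.x marker block
URL_RE = re.compile(r"(?:https?://|www\.)[^\s\"'<>()]+")


def find_rar_payload(data: bytes):
    """Return (offset, rar_version) of a RAR marker after an MZ stub, else None.

    Heuristic only: it reads bytes and never executes or unpacks anything.
    """
    if data[:2] != b"MZ":                 # not a DOS/PE executable
        return None
    hits = []
    for magic, version in ((RAR4_MAGIC, 4), (RAR5_MAGIC, 5)):
        pos = data.find(magic, 2)
        if pos != -1:
            hits.append((pos, version))
    return min(hits) if hits else None    # earliest marker wins


def printable_strings(data: bytes, min_len: int = 6):
    """Runs of printable ASCII, like strings(1) with -n min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_urls(strings):
    """Pull URL-like and www.* tokens out of extracted strings."""
    return [u for s in strings for u in URL_RE.findall(s)]


# Constructed sample 1: a 64-byte fake MZ stub followed by a RAR4 marker.
SFX_SAMPLE = b"MZ" + b"\x90" * 62 + RAR4_MAGIC + b"\x00" * 16

# Constructed sample 2: filler bytes around two strings quoted in the post.
UNPACKED_SAMPLE = (
    b"MZ\x00\x01\x02www.ecsinternational.info\x00\x03"
    b"Click here to agree this download... "
    b"(http://dollarrevenue.com/eula.asp?id=1950\x00"
)

if __name__ == "__main__":
    print("RAR payload:", find_rar_payload(SFX_SAMPLE))
    for url in find_urls(printable_strings(UNPACKED_SAMPLE)):
        print("URL-like string:", url)
```

A marker hit only says that an archive appears to follow the executable stub; listing or extracting the members is still done with an unpacker such as the 'unrar' mentioned in the post.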
