Re: [botnets] another irc client

Thu, 06 Apr 2006 16:09:06 -0700 

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
/snip
> > 70.168.74.193/strange  <<-- downloader
>
> Looks like something our good friend LordNikon might be behind.
/snip

What's the associate with "Plesk" admin pages. I see those included
often.... is the server being whacked through a Plesk sploit and being
used for spreading or is the attacker hosting something there or what?

Btw:
That Plesk page belongs to COX in ATL:
Cox Communications Inc. NETBLK-COX-ATLANTA-10 (NET-70-160-0-0-1)
                                  70.160.0.0 - 70.191.255.255
Cox Communications Inc. NETBLK-RI-OHFC-70-168-72-0 (NET-70-168-72-0-1)
                                  70.168.72.0 - 70.168.79.255

I think someone there watches this list yes?

thanks,
bf

On 4/5/06, PinkFreud <[EMAIL PROTECTED]> wrote:
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
> On Wed, Apr 05, 2006 at 06:55:33AM -0500, [EMAIL PROTECTED] babbled thus:
> > I just don;t have time to look at it right now, so here is the link to
> > another botnet irc client:
> >
> > http://210.3.4.193/cmd.txt  <<-- defacer
>
> Indeed.
>
> > 70.168.74.193/strange  <<-- downloader
>
> Looks like something our good friend LordNikon might be behind.
>
> > 207.90.211.54/arts  <<-- actual client
>
> 404
>
> > http://72.34.42.241/~dancing/bash  <<-- spreader
>
> Actually, this is a Kaiten, which doesn't spread on it's own.
> Judging from strings in the usual places, it appears this beast
> connects to 205.237.246.203 and joins #aseasii with a key of aseasi
>
> The ip this thing connects to appears to be owned by:
> OrgName:    College Lionel-Groulx
> OrgID:      COLLEG-23
> Address:    100 rue Duquet
> City:       Sainte-Therese
> StateProv:  Quebec
> PostalCode: J7E 3G6
> Country:    CA
>
> > peace out.
>
> Indeed.
>
>
> --
> PinkFreud
> Chief of Security, Nightstar IRC network
> irc.nightstar.net | www.nightstar.net
> Server Administrator - Blargh.CA.US.Nightstar.Net
> Unsolicited advertisements sent to this address are NOT welcome.
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law enforcement 
> upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to