To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Sun, 21 May 2006, Jörg Weber wrote:
> Hi Gadi,
>
> > Just a guess: an IRC based C&C which is either on a bad
> > connection or very over-loaded with bots.
> I don't think it is a very bad connection, as
> symantec.loves.the.cock.pheer.biz seems to be an alias for at least seven
> IPs. Plus, the response time itself is not bad on the commands I figured out.
> I'd think it is an IRC-Based C&C without implementing all or some modified
> subset of IRC commands.

Are you able to connect and then have problems getting information because of disabled/renamed commands, etc. or are not even connecting (timing out, refused, etc.)?

>
> Cheers,
>
> Joerg
>
> --
> Joerg Weber M. A.
> Teamleiter Netzwerk-Sicherheit/Netzwerk-Applikationen
>
> infoServe GmbH
> Nell-Breuning-Allee 6
> D-66115 Saarbruecken
>
> T: (0681) 8 80 08 - 59
> F: (0681) 8 80 08 - 33
> www.infos.de
> mailto: [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, May 21, 2006 12:20 PM
> > To: Jörg Weber
> > Cc: [email protected]
> > Subject: Re: [botnets] Weird bot
> >
> > On Sat, 20 May 2006, Jörg Weber wrote:
> > > Hi folks,
> > >
> > > I found this funny thing during the weekend:
> > > It connects to symantec.loves.the.cock.pheer.biz 18067 and seems to initiate something akin to an IRC session:
> > >
> > > USeR l l l l
> > >
> > > NiCK l5-00050c7b
> > >
> > > :a4 433 * l5-00050c7b :
> > > NiCK l5-00051247
> > >
> > > :a4 001 l5-00051247 :
> > > USeRHOST l5-00051247
> > >
> > > :a4 302 l5-00051247 :[EMAIL PROTECTED]
> > > JOiN #l5t3 dlrowymx0ri
> > >
> > > :a4 366 l5-00051247 #l5t3 :
> > >
> > > Trying to connect to that box by telnet/netcat/irc fails at times and works sometimes, but I couldn't get the server to spill out any useful information.
> > >
> > > Does someone have a clue what this beast is?
> >
> > Just a guess: an IRC based C&C which is either on a bad
> > connection or very over-loaded with bots.
> >
> > Gadi.
> >
> > >
> > > Cheers,
> > >
> > > J.
> > > _______________________________________________
> > > To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> > > All list and server information are public and available to law enforcement upon request.
> > > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
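
Added example (not part of the thread and not any poster's code): a small Python check that parses the session lines quoted above and flags the two traits visible in them, mixed-case command verbs and server numerics with empty text. The heuristics and the names `parse_irc_line` and `flag_session` are assumptions made for illustration.

```python
import re

# Verbs seen in the capture quoted in this thread, upper-cased for lookup.
IRC_VERBS = {"USER", "NICK", "USERHOST", "JOIN"}

def parse_irc_line(line):
    """Split one IRC-style line into (prefix, command, params, trailing)."""
    prefix = trailing = None
    line = line.rstrip("\r\n")
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    if " :" in line:
        line, _, trailing = line.partition(" :")
    parts = line.split()
    return (prefix, parts[0], parts[1:], trailing) if parts else None

def flag_session(lines):
    """Return a sorted list of heuristic findings for one captured session."""
    findings = set()
    for raw in lines:
        parsed = parse_irc_line(raw)
        if parsed is None:
            continue
        prefix, cmd, _params, trailing = parsed
        # Heuristic 1 (assumption): a known verb written in mixed case, e.g. "NiCK".
        if cmd.upper() in IRC_VERBS and cmd not in (cmd.upper(), cmd.lower()):
            findings.add("mixed-case-verb:" + cmd)
        # Heuristic 2 (assumption): a server numeric whose trailing text is empty,
        # where ordinary IRC daemons send a human-readable message.
        if prefix and re.fullmatch(r"\d{3}", cmd) and trailing == "":
            findings.add("empty-numeric:" + cmd)
    return sorted(findings)

# Session lines as quoted in the thread (the 302 reply is redacted on the page).
SESSION = [
    "USeR l l l l",
    "NiCK l5-00050c7b",
    ":a4 433 * l5-00050c7b :",
    "NiCK l5-00051247",
    ":a4 001 l5-00051247 :",
    "USeRHOST l5-00051247",
    ":a4 302 l5-00051247 :[EMAIL PROTECTED]",
    "JOiN #l5t3 dlrowymx0ri",
    ":a4 366 l5-00051247 #l5t3 :",
]

if __name__ == "__main__":
    for finding in flag_session(SESSION):
        print(finding)
```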
