North American Network Operators Group


Re: NANOG wins a bot

  • From: Joseph T. Klein
  • Date: Tue Jun 18 00:45:53 2002

Is this part of the debate regarding security of closed source systems
vs. open source systems?

--On Monday, 17 June 2002 23:22 -0500 Rob Thomas <[email protected]> wrote:

Hi, all.

This evening the NANOG mailing list received e-mail from a "jim bruer,"
aka [email protected].  This e-mail, with a topic of "ConfigMaker
Beta" (a Cisco product) included an attachment labelled as
"cisco_configmaker.exe."  This is actually a war bot known as Slackbot,
version 1.0.  This bot attempts to connect to the IRC server
irc.easynews.com, 140.99.102.3.  This IP address is part of the
140.99.96.0/19 prefix announced by ASN 2 (ACES Research - The Tucson
Interconnect).  The channel is #midgets_in_drag with no channel key.
The server is not running, so this botnet (perhaps an old one) is not
available for woe.  The bot runs on Windows as wuordona.exe, and
installs in c:\winnt\.

This is likely an attempt by some miscreants to build a botnet through
the e-mail spam method.  Since Slackbot does not include a spam
mechanism, some other bit of malware must be involved.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);



--
Joseph T. Klein                                         +1 414 628 3380
Speaking for self.                                      [email protected]
