North American Network Operators Group

RE: NANOG wins a bot
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Rob Thomas
> Sent: Monday, June 17, 2002 9:22 PM
> To: NANOG
> Subject: NANOG wins a bot
>
>
>
> Hi, all.
>
> This evening the NANOG mailing list received e-mail from a
> "jim bruer,"
> aka [email protected] This e-mail, with a topic of "ConfigMaker
> Beta" (a Cisco product) included an attachment labelled as
> "cisco_configmaker.exe." This is actually a war bot known as
> Slackbot,
> version 1.0. This bot attempts to connect to the IRC server
> irc.easynews.com, 140.99.102.3. This IP address is part of the
> 140.99.96.0/19 prefix announced by ASN 2 (ACES Research - The Tucson
> Interconnect). The channel is #midgets_in_drag with no channel key.

.. Just for the record, we are in no way affiliated with this trojan :)

> The server is not running, so this botnet (perhaps an old one) is not
> available for woe. The bot runs on Windows as wuordona.exe, and
> installs in c:\winnt\.

It will be available for woe once again tomorrow morning (down for maint.), so be afraid..

>
> This is likely an attempt by some miscreants to build a botnet through
> the e-mail spam method. Since Slackbot does not include a spam
> mechanism, some other bit of malware must be involved.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> http://www.cymru.com
> ASSERT(coffee != empty);
>
>
>

Regards,
Matt
--
Matt Levine
@Home: [email protected]
@Work: [email protected]
ICQ : 17080004
AIM : exile
GPG : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
"The Trouble with doing anything right the first time is that nobody
appreciates how difficult it was." -BIX