Re: DCOM WORM - preface

["morning_wood" <se_cur_ity () hotmail com>]

if you look at the sample you will see those are connect strings of the
sdbot
attacking my system from infected systems


> jihpt@ nigga2 exploitlabs.com #0sec nigger exploitlabs.com
> #whore nigger
exploitlabs.com  <---- server (dns ) to attack
#0sec <--- chanel to join
nigger / nigga2 <--- password for the bots

> Proc32.exe
    ^^^^^^^^---- if you have this you are infected and attacking me


> Critical Process Monitor
> mIRC v6.03 Khaled Mardam-Bey
^^^^^^^^^^^^^^^^^^^^^^^^^^^^--------- basic irc interface component in the
sdbot

> wtf is that supposed to be?

any more questions? try to analyse the info first ok, try looking at the
sdbot configuration and you will see these things clearly as options.

Donnie Werner

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html