Full Disclosure mailing list archives

Re: Worm phone home site question

From: ggfirst <guirad_g () epita fr>
Date: Tue, 27 Sep 2005 14:16:59 +0200

On 9/27/05, odinanne <odinanne () comcast net> wrote:

210.240.39.40  tcp 2255, 5522, 9009

This is the phone home site for a worm found on the network.  Any idea
what service they are running on these ports or how to loggin or register?

This is the worm.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2ECGY&VSect=P


Hello,

it appears to be a classical IRC server.
So, you can easily login with any IRC client.
But I can't get the list of available channels.


--
ggfirst
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Worm phone home site question odinanne (Sep 27)
- Re: Worm phone home site question ggfirst (Sep 27)
- Re: Worm phone home site question Michael Holstein (Sep 27)
  - Re: Worm phone home site question Andrew A (Sep 27)
    - Re[2]: Worm phone home site question phased (Sep 27)