funsec mailing list archives
ISC Shuts down botnet.
From: Nicholas Albright <nalbright () shadowserver org>
Date: Sat, 14 Jan 2006 17:14:33 -0700
{snip isc.sans.org} The channel used to control the bots, '#-sd-bot', is using a standard command to instruct its members to scan an IP range for a particular vulnerability. On the other hand, if a human should connect to the host and issue a '/list' command to find out about channels on that server, the following message is displayed: /list *** Channel Users Topic *** #help 1 IF YOU ARE HERE ITS BECAUSE I MIGHT HAVE INFECTED ONE OF YOUR MACHINES, DONT WORRY NOTHING IS GONNA BE HARMED WITH THE DRONES, FOR FURTHER INFORMATION ON REMOVALS PLS VISIT - WWW . NORTONANTIVIRUSES . COM - OR LEAVE A MSG KTHX. {snip} So he changed his topic: -:- Topic (#help): changed by burt0n: IF YOU ARE HERE ITS BECAUSE I MIGHT HAVE INFECTED ONE OF YOUR MACHINES, DONT WORRY NOTHING IS GONNA BE HARMED WITH THE DRONES, FOR FURTHER INFORMATION ON REMOVALS PLS VISIT - WWW.SYMANTEC.COM - OR LEAVE A MSG KTHX. ....however, I guess he didn't like the exposure...after a few hours: -:- SignOff burt0n: #help (User has been permanently banned from burt0n.IRC (#linuxsex@undernet)) -:- Connection closed from xx.43.235.xxx: Success -:- BitchX: Servers exhausted. Restarting. Score: ISC 1 - Burt0n 0 :) -- Nicholas Albright
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- ISC Shuts down botnet. Nicholas Albright (Jan 14)