[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon Aug 8 21:02:32 2005
From: intrusiondetection at gmail.com (Jeremy)
Subject: What is this
On 8/8/05, Armando Rogerio Brand?o Guimaraes Junior
<arjunior@...ps.com.br> wrote:
> Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot doesn?t detect!!!
>
> Armando Guimar?es Jr
Installs a bot. Looks up lists2.dc21business.com, connects to an IRC
server on port 12000. Joins a few rooms. Gets a message/command to
download http://home.comcast.net/~soliveria/n3.exe . Does so, then
gets a message to download http://home.comcast.net/~ebaker1973/up.exe
. Reports to http://dos2.deadlist.net/ . Joins another IRC server at
204.8.34.78 port 12000. Gets told to download
http://hec-ulg-entrepreneurs.com/3.exe , then
http://hec-ulg-entrepreneurs.com/1.exe . Starts a netbios scan of
local network. Joins several different irc chats. It just keeps going
and going and going.... Lots of spyware, lots of malware, chaos.
Still watching,
~J
Powered by blists - more mailing lists