lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Aug  8 21:02:32 2005
From: intrusiondetection at gmail.com (Jeremy)
Subject: What is this

On 8/8/05, Armando Rogerio Brand?o Guimaraes Junior
<arjunior@...ps.com.br> wrote:
> Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot doesn?t detect!!!
> 
> Armando Guimar?es Jr

Installs a bot. Looks up lists2.dc21business.com, connects to an IRC
server on port 12000. Joins a few rooms. Gets a message/command to
download http://home.comcast.net/~soliveria/n3.exe . Does so, then
gets a message to download  http://home.comcast.net/~ebaker1973/up.exe
. Reports to http://dos2.deadlist.net/ . Joins another IRC server at
204.8.34.78 port 12000. Gets told to download
http://hec-ulg-entrepreneurs.com/3.exe , then
http://hec-ulg-entrepreneurs.com/1.exe . Starts a netbios scan of
local network. Joins several different irc chats. It just keeps going
and going and going.... Lots of spyware, lots of malware, chaos.

Still watching,
~J

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ