From: opticfiber at topsight.net (opticfiber)
Subject: RE: Secure.dcom.exe

On a chance I connected to the IRC server mentioned (irc.homelien.no).
Did a channel search for "rpc" and found a channel called "#rpcfucked"
with a constant stream of clients connecting and disconnecting. Below is
a transcript of the channel for about five minutes or so.


Start of #rpcfucked buffer: Fri Aug 08 14:58:58 2003
[14:55] *** Now talking in #rpcfucked
. .. ..---------------.---------------.---------------.---------------.
. .. .| \BILL. .. .. .. .. .. .. .. . | O86690388. .. .. .. . | 
@O41147358. .. .. . | .. .. .. .. .. .. .. .. .. .. .. .. .. . |
. .. .'---------------'---------------'---------------'---------------'
[.12X.] [o: .121.][v: .120.][n: .122.][t: .123.][m: .12+tn.]
[14:55] *** Quits: O86690388 (Quit: Bye!.)
[14:55] *** Joins: O39614024 (~O39614024@...-082-082-157-243.arcor-ip.net
)
[14:55] *** Joins: O53226916 (~O53226916@...-213-023-244-152.arcor-ip.net
)
[14:55] *** Joins: O2193002 (Reggie26@...l-pool-66-186-232-164.eatel.net)
[14:55] <O39614024> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[82-82-15
  7-243][169-254-138-152]}{Computer_Name:_THOMAS}{Current_User_Name:_ZEUS
  }{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}
  {Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_
  Service_Pack_1}{Webcam:_No}
[14:55] <O53226916> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-1][213-23-244-152]}{Computer_Name:_JAJA1}{Current_User_Name:_Chef}{Id
  entification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Ins
  talled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Serv
  ice_Pack_1}{Webcam:_No}
[14:55] <O2193002> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-23
  2-164]}{Computer_Name:_YOUR-EZ9QS4OHFG}{Current_User_Name:_Reggie}{Iden
  tification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Insta
  lled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Servic
  e_Pack_1}{Webcam:_Yes}
[14:55] *** Joins: O57406008 (~O57406008@...-082-082-158-031.arcor-ip.net
)
[14:55] <O57406008> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-2][82-82-158-31]}{Computer_Name:_WIECZOREK}{Current_User_Name:_F.Wiec
  zorek}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_
  3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_
  2600_Service_Pack_1}{Webcam:_No}
[14:55] *** Quits: O39614024 (Quit: Bye!.)
[14:55] *** Quits: O53226916 (Quit: Bye!.)
[14:55] *** Quits: O2193002 (Quit: Bye!.)
[14:55] *** Quits: O57406008 (Quit: Bye!.)
[14:55] *** Joins: O32784802 (obrdj189@...l-pool-66-186-233-91.eatel.net)
[14:55] *** Joins: O25926540 (~O25926540@...-082-082-156-047.arcor-ip.net
)
[14:55] *** Joins: O96762633 (~O96762633@...l-pool-66-186-231-110.eatel.n
et)
[14:55] <O25926540> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  117-227][82-82-156-47]}{Computer_Name:_JOHNJAY}{Current_User_Name:_patt
  oo}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_341
  0}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_260
  0_Service_Pack_1}{Webcam:_No}
[14:55] <O32784802> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-91]}{Computer_Name:_LOUIS-BROWNING}{Current_User_Name:_Louis_Brownin
  g}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410
  }{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600
  _Service_Pack_1}{Webcam:_No}
[14:55] *** Joins: O4031684 (~O4031684@...l-pool-66-186-233-196.eatel.net
)
[14:55] <O4031684> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-23
  3-196]}{Computer_Name:_D3QGNK21}{Current_User_Name:_AMI}{Identification
  _name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_Troja
  n_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack_1}{
  Webcam:_No}
[14:55] *** Quits: O25926540 (Quit: Bye!.)
[14:55] *** Quits: O32784802 (Quit: Bye!.)
[14:55] *** Joins: O86993671 (~O86993671@...-213-023-243-153.arcor-ip.net
)
[14:55] *** Joins: O38066033 (~O38066033@...-082-082-158-142.arcor-ip.net
)
[14:55] <O86993671> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  62-246][213-23-243-153]}{Computer_Name:_WINDOWSXP}{Current_User_Name:_N
  orbert_und_Andrea}{Identification_name:_Joe_Bloggs_Returns}{Installed_T
  rojan_Port:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Win
  dows_XP_5.1_2600_Service_Pack_1}{Webcam:_Yes}
[14:55] <O38066033> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  70-3][82-82-158-142]}{Computer_Name:_STIRNI-IXT1X2T9}{Current_User_Name
  :_Meister}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Po
  rt:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_
  5.1_2600_Service_Pack_1}{Webcam:_Yes}
[14:55] *** Quits: O4031684 (Quit: Bye!.)
[14:55] *** Quits: O86993671 (Quit: Bye!.)
[14:55] *** Quits: O38066033 (Quit: Bye!.)
[14:56] *** Joins: O2686667 (bzlm@...l-pool-66-186-231-118.eatel.net)
[14:56] <O2686667> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-23
  1-118]}{Computer_Name:_DD3W4X21}{Current_User_Name:_rii_rr}{Identificat
  ion_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_Tr
  ojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack_
  1}{Webcam:_No}
[.12X.] Erroneous nickname, please try again.
[14:56] *** Quits: O2686667 (Quit: Bye!.)
[14:56] *** Joins: O83755710 (~O83755710@...-082-082-157-243.arcor-ip.net
)
[14:56] <O83755710> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[82-82-15
  7-243][169-254-138-152]}{Computer_Name:_THOMAS}{Current_User_Name:_ZEUS
  }{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}
  {Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_
  Service_Pack_1}{Webcam:_No}
[14:56] *** Joins: O42490583 (~O42490583@...-213-023-244-152.arcor-ip.net
)
[14:56] <O42490583> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-1][213-23-244-152]}{Computer_Name:_JAJA1}{Current_User_Name:_Chef}{Id
  entification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Ins
  talled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Serv
  ice_Pack_1}{Webcam:_No}
[14:56] *** Joins: O39962793 (Reggie26@...l-pool-66-186-232-164.eatel.net
)
[14:56] <O39962793> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  32-164]}{Computer_Name:_YOUR-EZ9QS4OHFG}{Current_User_Name:_Reggie}{Ide
  ntification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Inst
  alled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Servi
  ce_Pack_1}{Webcam:_Yes}
[14:56] *** Joins: O79063507 (~O79063507@...-082-082-158-031.arcor-ip.net
)
[14:56] <O79063507> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-2][82-82-158-31]}{Computer_Name:_WIECZOREK}{Current_User_Name:_F.Wiec
  zorek}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_
  3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_
  2600_Service_Pack_1}{Webcam:_No}
[14:56] *** Quits: O83755710 (Quit: Bye!.)
[14:56] *** Quits: O42490583 (Quit: Bye!.)
[.12X.] Erroneous nickname, please try again.
[14:56] *** Quits: O39962793 (Quit: Bye!.)
[14:56] *** Joins: O97698986 (obrdj189@...l-pool-66-186-233-91.eatel.net)
[14:56] *** Quits: O79063507 (Quit: Bye!.)
[14:56] <O97698986> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-91]}{Computer_Name:_LOUIS-BROWNING}{Current_User_Name:_Louis_Brownin
  g}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410
  }{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600
  _Service_Pack_1}{Webcam:_No}
[14:56] *** Joins: O11121298 (~O11121298@...-082-082-156-047.arcor-ip.net
)
[14:56] <O11121298> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  117-227][82-82-156-47]}{Computer_Name:_JOHNJAY}{Current_User_Name:_patt
  oo}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_341
  0}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_260
  0_Service_Pack_1}{Webcam:_No}
[14:56] *** Joins: O81466610 (~O81466610@...l-pool-66-186-231-110.eatel.n
et)
[14:56] <O81466610> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  31-110]}{Computer_Name:_JANE-3S3KAPVSUJ}{Current_User_Name:_Jane}{Ident
  ification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Instal
  led_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service
  _Pack_1}{Webcam:_No}
[14:56] *** Quits: O97698986 (Quit: Bye!.)
[14:56] *** Quits: O11121298 (Quit: Bye!.)
[14:56] *** Quits: O81466610 (Quit: Bye!.)
[14:56] *** Quits: O41147358 (Ping timeout: 180 seconds.)
[14:56] *** Joins: O64071293 (~O64071293@...l-pool-66-186-233-196.eatel.n
et)
[14:56] <O64071293> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-196]}{Computer_Name:_D3QGNK21}{Current_User_Name:_AMI}{Identificatio
  n_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_Troj
  an_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack_1}
  {Webcam:_No}
[14:56] *** Joins: O90096394 (~O90096394@...-082-082-158-142.arcor-ip.net
)
[14:56] <O90096394> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  70-3][82-82-158-142]}{Computer_Name:_STIRNI-IXT1X2T9}{Current_User_Name
  :_Meister}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Po
  rt:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_
  5.1_2600_Service_Pack_1}{Webcam:_Yes}
[14:56] *** Joins: O47218992 (~O47218992@...-213-023-243-153.arcor-ip.net
)
[14:56] *** Quits: O64071293 (Quit: Bye!.)
[14:57] *** Quits: O90096394 (Quit: Bye!.)
[14:57] *** Joins: O92370138 (xcdkckhkd@...l-pool-66-186-231-118.eatel.ne
t)
[14:57] <O92370138> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  31-118]}{Computer_Name:_DD3W4X21}{Current_User_Name:_rii_rr}{Identifica
  tion_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_T
  rojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack
  _1}{Webcam:_No}
[14:57] *** Joins: O46089129 (~O46089129@...-082-082-157-243.arcor-ip.net
)
[14:57] *** Joins: O57197547 (~O57197547@...-213-023-244-152.arcor-ip.net
)
[14:57] <O57197547> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-1][213-23-244-152]}{Computer_Name:_JAJA1}{Current_User_Name:_Chef}{Id
  entification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Ins
  talled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Serv
  ice_Pack_1}{Webcam:_No}
[14:57] *** Quits: O92370138 (Quit: Bye!.)
[14:57] *** Joins: O39992463 (Reggie26@...l-pool-66-186-232-164.eatel.net
)
[14:57] <O39992463> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  32-164]}{Computer_Name:_YOUR-EZ9QS4OHFG}{Current_User_Name:_Reggie}{Ide
  ntification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Inst
  alled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Servi
  ce_Pack_1}{Webcam:_Yes}
[14:57] *** Joins: O26840934 (~O26840934@...-082-082-158-031.arcor-ip.net
)
[14:57] <O26840934> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-2][82-82-158-31]}{Computer_Name:_WIECZOREK}{Current_User_Name:_F.Wiec
  zorek}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_
  3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_
  2600_Service_Pack_1}{Webcam:_No}
[14:57] *** Quits: O57197547 (Quit: Bye!.)
[14:57] *** Quits: O39992463 (Quit: Bye!.)
[14:57] *** Quits: O26840934 (Quit: Bye!.)
[14:57] *** Joins: O93450467 (obrdj189@...l-pool-66-186-233-91.eatel.net)
[14:57] <O93450467> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-91]}{Computer_Name:_LOUIS-BROWNING}{Current_User_Name:_Louis_Brownin
  g}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410
  }{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600
  _Service_Pack_1}{Webcam:_No}
[14:57] *** Joins: O20023043 (~O20023043@...-082-082-156-047.arcor-ip.net
)
[14:57] <O20023043> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  117-227][82-82-156-47]}{Computer_Name:_JOHNJAY}{Current_User_Name:_patt
  oo}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_341
  0}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_260
  0_Service_Pack_1}{Webcam:_No}
[14:57] *** Joins: O29378273 (~O29378273@...l-pool-66-186-231-110.eatel.n
et)
[14:57] <O29378273> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  31-110]}{Computer_Name:_JANE-3S3KAPVSUJ}{Current_User_Name:_Jane}{Ident
  ification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Instal
  led_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service
  _Pack_1}{Webcam:_No}
[14:57] *** Quits: O93450467 (Quit: Bye!.)
[14:57] *** Quits: O20023043 (Quit: Bye!.)
[14:57] *** Quits: O29378273 (Quit: Bye!.)
[14:57] *** Joins: O55323265 (~O55323265@...l-pool-66-186-233-196.eatel.n
et)
[14:57] <O55323265> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-196]}{Computer_Name:_D3QGNK21}{Current_User_Name:_AMI}{Identificatio
  n_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_Troj
  an_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack_1}
  {Webcam:_No}
[14:57] *** Joins: O4348300 (~O4348300@...-082-082-158-142.arcor-ip.net)
[14:57] <O4348300> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-7
  0-3][82-82-158-142]}{Computer_Name:_STIRNI-IXT1X2T9}{Current_User_Name:
  _Meister}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Por
  t:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5
  .1_2600_Service_Pack_1}{Webcam:_Yes}
[14:57] *** Quits: O55323265 (Quit: Bye!.)
[14:57] *** Joins: O59415107 (~O59415107@...-213-023-243-153.arcor-ip.net
)
[14:57] <O59415107> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  62-246][213-23-243-153]}{Computer_Name:_WINDOWSXP}{Current_User_Name:_N
  orbert_und_Andrea}{Identification_name:_Joe_Bloggs_Returns}{Installed_T
  rojan_Port:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Win
  dows_XP_5.1_2600_Service_Pack_1}{Webcam:_Yes}
[14:58] *** Quits: O4348300 (Quit: Bye!.)
[14:58] *** Quits: O59415107 (Quit: Bye!.)
[14:58] *** Joins: O59143259 (poenkqz@...l-pool-66-186-231-118.eatel.net)
[14:58] <O59143259> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  31-118]}{Computer_Name:_DD3W4X21}{Current_User_Name:_rii_rr}{Identifica
  tion_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_T
  rojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack
  _1}{Webcam:_No}
[14:58] *** Joins: O15416911 (~O15416911@...-082-082-157-243.arcor-ip.net
)
[14:58] <O15416911> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[82-82-15
  7-243][169-254-138-152]}{Computer_Name:_THOMAS}{Current_User_Name:_ZEUS
  }{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}
  {Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_
  Service_Pack_1}{Webcam:_No}
[14:58] *** Joins: O22089898 (~O22089898@...-213-023-244-152.arcor-ip.net
)
[14:58] *** Quits: O59143259 (Quit: Bye!.)
[14:58] <O22089898> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-1][213-23-244-152]}{Computer_Name:_JAJA1}{Current_User_Name:_Chef}{Id
  entification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Ins
  talled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Serv
  ice_Pack_1}{Webcam:_No}
[.12X.] Netsplit detected at .122:58pm. between 
.12ircd.servercentral.net. and
  .12ircd.arcti.ca.
[.12X.] Press .12sF10. to see who split away.
[.12X.] To join split (.12ircd.arcti.ca.) in an irc2 session, press .12F11..
[14:58] *** Quits: O22089898 (Quit: Bye!.)
[14:58] *** Quits: O15416911 (Quit: Bye!.)
[14:58] *** Joins: O66411217 (Reggie26@...l-pool-66-186-232-164.eatel.net
)
[14:58] <O66411217> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  32-164]}{Computer_Name:_YOUR-EZ9QS4OHFG}{Current_User_Name:_Reggie}{Ide
  ntification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Inst
  alled_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Servi
  ce_Pack_1}{Webcam:_Yes}
[14:58] *** Joins: O69423328 (~O69423328@...-082-082-158-031.arcor-ip.net
)
[14:58] <O69423328> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-168-
  0-2][82-82-158-31]}{Computer_Name:_WIECZOREK}{Current_User_Name:_F.Wiec
  zorek}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_
  3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_
  2600_Service_Pack_1}{Webcam:_No}
[14:58] *** Joins: O83035184 (~O83035184@...-082-082-156-047.arcor-ip.net
)
[14:58] *** Joins: O17276233 (obrdj189@...l-pool-66-186-233-91.eatel.net)
[14:58] <O83035184> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-
  117-227][82-82-156-47]}{Computer_Name:_JOHNJAY}{Current_User_Name:_patt
  oo}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_341
  0}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_260
  0_Service_Pack_1}{Webcam:_No}
[14:58] <O17276233> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-91]}{Computer_Name:_LOUIS-BROWNING}{Current_User_Name:_Louis_Brownin
  g}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410
  }{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600
  _Service_Pack_1}{Webcam:_No}
[14:58] *** Joins: O1187081 (~O1187081@...l-pool-66-186-231-110.eatel.net
)
[14:58] <O1187081> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-23
  1-110]}{Computer_Name:_JANE-3S3KAPVSUJ}{Current_User_Name:_Jane}{Identi
  fication_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Install
  ed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_
  Pack_1}{Webcam:_No}
[14:58] *** Quits: O96762633 (Ping timeout: 180 seconds.)
[14:58] *** Quits: O66411217 (Quit: Bye!.)
[14:58] *** Quits: O69423328 (Quit: Bye!.)
[14:58] *** Quits: O83035184 (Quit: Bye!.)
[14:58] *** Quits: O17276233 (Quit: Bye!.)
[14:58] *** Quits: O1187081 (Quit: Bye!.)
[14:58] *** Joins: O42189641 (~O42189641@...l-pool-66-186-233-196.eatel.n
et)
[14:58] <O42189641> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[66-186-2
  33-196]}{Computer_Name:_D3QGNK21}{Current_User_Name:_AMI}{Identificatio
  n_name:_Joe_Bloggs_Returns}{Installed_Trojan_Port:_3410}{Installed_Troj
  an_Password:_NONE}{Windows_Version:_Windows_XP_5.1_2600_Service_Pack_1}
  {Webcam:_No}
[14:58] *** Joins: O8709877 (~O8709877@...-082-082-158-142.arcor-ip.net)
[14:58] <O8709877> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[169-254-7
  0-3][82-82-158-142]}{Computer_Name:_STIRNI-IXT1X2T9}{Current_User_Name:
  _Meister}{Identification_name:_Joe_Bloggs_Returns}{Installed_Trojan_Por
  t:_3410}{Installed_Trojan_Password:_NONE}{Windows_Version:_Windows_XP_5
  .1_2600_Service_Pack_1}{Webcam:_Yes}
[14:58] *** Quits: O42189641 (Quit: Bye!.)
End of #rpcfucked buffer    Fri Aug 08 14:58:58 2003

With Regard,
William Reyor
http://www.topsight.net


-----Original Message-----
> From: Lee Evans [mailto:lee@...evans.org] 
> Sent: Wednesday, August 06, 2003 5:50 AM
> To: incidents@...urityfocus.com
> Subject: Secure.dcom.exe

> Hi All,
>
> I have found an executable called secure.dcom.exe when
> looking around a customer's server. They hadn't patched the
> server above SP4 and I assume it has been exploited using the
> RPC DCOM vulnerability. A Serv-U FTP server has been
> installed, but I'm still looking into it to see if I can spot
> anything else. Netstat shows a bunch of outgoing connections
> to 6667 - irc.homelien.no. Unfortunately there are no IDS or
> other systems on this network segment I can use, so I'm
> looking for some way to capture this traffic and hopefully
> track down some more details on the IRC traffic - if anyone
> can recommend a good (preferably free) traffic sniffer I can
> quickly install on the host locally (win2k sp4) to decode the
> IRC traffic I would be grateful.
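
For responders working from a capture like the transcript above, the following added example (not part of either message) rejoins the wrapped log lines, parses the `{Key:_Value}` announcement fields, and groups them by `Computer_Name`, because the transcript shows the same machines rejoining under a new nick each time. The sample log, host names and addresses are constructed; only the line layout is taken from the transcript.

```python
import re
from collections import defaultdict

# Constructed sample in the archive's wrapped layout; nicks, hosts and
# addresses are made up (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
[14:55] *** Joins: O10000001 (~O10000001@host-a.example.net
)
[14:55] <O10000001> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-0-2-
  10][169-254-1-2]}{Computer_Name:_LAB-PC1}{Current_User_Name:_alice}{Ins
  talled_Trojan_Port:_3410}{Webcam:_No}
[14:55] <O10000002> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[198-51-1
  00-7]}{Computer_Name:_LAB-PC2}{Current_User_Name:_bob}{Installed_Trojan
  _Port:_3410}{Webcam:_Yes}
[14:55] *** Quits: O10000001 (Quit: Bye!.)
[14:56] <O10000003> Optix_Pro_v1.31_Server_Online:_{Ip_address:_[192-0-2-
  10][169-254-1-2]}{Computer_Name:_LAB-PC1}{Current_User_Name:_alice}{Ins
  talled_Trojan_Port:_3410}{Webcam:_No}
"""

BEACON = re.compile(r"^\[(\d\d:\d\d)\] <(\S+)> (Optix_Pro_v[\d.]+)_Server_Online:_(.*)$")
FIELD = re.compile(r"\{([^:{}]+):_([^{}]*)\}")
ADDR = re.compile(r"\[([\d-]+)\]")

def unwrap(text):
    """Rejoin records that were wrapped; a new record starts with '['."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.rstrip())
        else:
            records[-1] += line.strip()  # wraps fall mid-token, so no space
    return records

def parse_beacon(record):
    """Return the announcement as a dict, or None for joins, quits, etc."""
    m = BEACON.match(record)
    if not m:
        return None
    when, nick, version, body = m.groups()
    fields = dict(FIELD.findall(body))
    raw = fields.get("Ip_address", "")
    fields["Ip_address"] = [a.replace("-", ".") for a in ADDR.findall(raw)]
    return {"time": when, "nick": nick, "version": version, **fields}

def hosts_by_name(text):
    """Group beacons by Computer_Name; nicks change on every rejoin."""
    hosts = defaultdict(lambda: {"nicks": [], "addresses": set(), "seen": []})
    for record in unwrap(text):
        beacon = parse_beacon(record)
        if beacon is None:
            continue
        host = hosts[beacon.get("Computer_Name", "?")]
        host["nicks"].append(beacon["nick"])
        host["addresses"].update(beacon["Ip_address"])
        host["seen"].append(beacon["time"])
    return dict(hosts)

if __name__ == "__main__":
    for name, info in sorted(hosts_by_name(SAMPLE_LOG).items()):
        print(name, len(info["nicks"]), "announcements", sorted(info["addresses"]))
```

Counting by nick would overstate the number of affected machines; counting by computer name gives the figure an incident report needs.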
