To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

On Mon, 2006-03-06 at 16:43 -0500, Lindsey Chesnutt wrote:
> I caught a bot with nepenthes this morning. Norman says that it connected to
> this address - "o2.zener.co.jp" on port 4997 (TCP). There are about 25 active
> bots in the channel #satan2, all with IP addresses encrypted. It is an rxbot.
> I noticed that they are sending commands via the topic field in the channel.
> Would it be possible for an organization to reroute their DNS entries to a
> local IRC server and issue something like a .remove command in the topic?

If you're going to do that, why not just lie around in the channel and wait for the password when the botnet controller authenticates? Usually you can do a .login and run the same commands you could run from the topic. However, if you're going to do a .download or a .remove or whatever, you're going into the sketchy legal ground of essentially running remote code on someone else's computer, albeit for a benevolent purpose.

Jeremy Linden
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
