To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
another botnet...
found channel #m00 with the botherder but not the channel with the
drones. didnt notify IP owner nor dynip hoster.
cheers
andrej
malware: bar 1c1fe03b9b1d849b6af1cf2aa2acd04b
## Norman.com extract:
[ Network services ]
* Connects to "wise911.dynu.com" on port 6667 (IP).
* Connects to IRC server.
* IRC: Uses nickname ]tG[-CurrentUser7.
* IRC: Uses username CurrentUser7.
## join the fun
telnet wise911.dynu.com 6667
Connected to wise911.dynu.com.Escape character is '^]'.
:irc.m00.gov NOTICE AUTH :*** Looking up your hostname...
:irc.m00.gov NOTICE AUTH :*** Found your hostname (cached)
user CurrentUser7 dummy dummy dummy
nick Z
:irc.m00.gov NOTICE Z :*** If you are having problems connecting due
to ping timeouts, please type /quote pong B16D3169 or /raw pong
B16D3169 now.PING :B16D3169
pong B16D3169
:irc.m00.gov 001 Z :Welcome to the h4cker IRC Network Z!
[EMAIL PROTECTED]:irc.m00.gov 002 Z :Your host is irc.m00.gov, running
version Unreal3.2-beta19
:irc.m00.gov 003 Z :This server was created Sun Feb 8 18:58:31
2004:irc.m00.gov 004 Z irc.m00.gov Unreal3.2-beta19
iowghraAsORTVSxNCWqBzvdHtGp
lvhopsmntikrRcaqOALQbSeKVfMGCuzN:irc.m00.gov 005 Z MAP KNOCK SAFELIST
HCN MAXCHANNELS=10 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307
MAXTARGETS=20 AWAYLEN=307 :are supported by this server
:irc.m00.gov 005 Z WALLCHOPS WATCH=128 SILENCE=5 MODES=12 CHANTYPES=#
PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSM
NETWORK=h4cker CASEMAPPING=ascii :are supported by this server
:irc.m00.gov 422 Z :MOTD File is missing:Z MODE Z :+iwlistlist *
join #m00
:[EMAIL PROTECTED] JOIN :#m00:irc.m00.gov 353 Z @ #m00 :Z @h4cker
:irc.m00.gov 366 Z #m00 :End of /NAMES list.
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
