To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Snared by my nepenthes sensor...

Connects to "wi.nibitalia.net" on port 6666 (TCP).

See http://sandbox.norman.no/live_5.html?logfile=719951 for more details...

Further information:

After running the malware in my sandbox and sniffing the traffic...

    NICK [Hell]-12839416
    USER pjamxezz 0 0 :[Hell]-12839416
    MODE +iwx
    JOIN #spqr (no password at time of running/sniffing)

    #spqr /topic : "advscan dcom135 400 0 0 -r -a"

At time of infiltration, ~23 clients, so either botnet is still very small, and/or it's so young it's only garnered 23 infected machines so far.

Hope this helps someone nip this one in the bud.

Regards,
Tron.

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
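Added example, not part of Tron's post: a Python check a defender could run over reassembled IRC streams to flag the registration and topic pattern reported above. The two regexes, the function names and the server name irc.example.invalid are assumptions built from this single capture, not a general signature.

```python
import re

# Heuristics drawn from the one capture in the post; assumptions, not a general signature.
BOT_NICK = re.compile(r"^\[[^\]]+\]-\d{6,}$")   # nick shape, e.g. [Hell]-12839416
COMMAND_TOPIC = re.compile(r"^advscan\s+\S+")    # channel topic carrying a standing command

def parse_irc(line):
    """Split one IRC line into (prefix, command, params) using RFC 1459 framing."""
    line, prefix = line.rstrip("\r\n"), None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split() or [""]
    return prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def inspect_session(lines):
    """Collect indicators from one reassembled client/server IRC stream."""
    result = {"nick": None, "channels": [], "indicators": []}
    for raw in lines:
        _, cmd, params = parse_irc(raw)
        if not params:
            continue
        if cmd == "NICK":
            result["nick"] = params[0]
            if BOT_NICK.match(params[0]):
                result["indicators"].append("generated-nick")
        elif cmd == "USER" and params[-1] == result["nick"]:
            result["indicators"].append("realname-equals-nick")
        elif cmd == "JOIN" and params[0] not in result["channels"]:
            result["channels"].append(params[0])
        elif cmd in ("332", "TOPIC") and COMMAND_TOPIC.match(params[-1]):
            result["indicators"].append("command-in-topic")
    # Alert only when the nick shape and a command-bearing topic co-occur.
    result["suspicious"] = {"generated-nick", "command-in-topic"} <= set(result["indicators"])
    return result

# Constructed sample streams: the first reuses the values quoted in the post with a
# made-up server name (332 is the server's topic reply); the second is an ordinary client.
BOT_STREAM = [
    "NICK [Hell]-12839416",
    "USER pjamxezz 0 0 :[Hell]-12839416",
    "MODE +iwx",
    "JOIN #spqr",
    ":irc.example.invalid 332 [Hell]-12839416 #spqr :advscan dcom135 400 0 0 -r -a",
]
CHAT_STREAM = ["NICK alice", "USER alice 0 * :Alice Example", "JOIN #linux",
               ":irc.example.invalid 332 alice #linux :Welcome to #linux"]
```

Requiring both indicators before alerting keeps ordinary clients with bracketed nicks, or channels that merely mention the command string, from being flagged on their own.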
