To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I'm familiar with Shellbot.
The good news is that as it's primarily used on *nix hosts (I've never seen a Windows-based Shellbot, but that doesn't mean it's not possible), which means that unless they've got root or have modified crontab, the bot isn't going to restart on it's own. As Shellbot has the ability to eval perl commands (default trigger for this is !atrix !eval, though it may have been changed - check the script), simply doing '!atrix !eval exit' in a Shellbot channel with a master's nick will cause these bots to exit. The bad news is the server is still vulnerable, and can be re-compromised. There's not much you can do there, other than making an attempt to notify the admins. On Mon, Apr 17, 2006 at 06:02:26PM +0200, Tom Fischer babbled thus: > AVG 386/20060416 found [PERL/ShellBot] -- PinkFreud Chief of Security, Nightstar IRC network irc.nightstar.net | www.nightstar.net Server Administrator - Blargh.CA.US.Nightstar.Net Unsolicited advertisements sent to this address are NOT welcome. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
