To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Today I stumbled over some malware that Norman reported the following
about:
[ Network services ]
* Looks for an Internet connection.
* Connects to "1.75.0.193" on port 6556 (TCP).
* Connects to IRC Server.
* IRC: Uses username mxoz.
* IRC: Uses nickname mxoz.
but the traffic at almost the same time showed:
DNS A 0x80.my1x1.com -> 194.109.11.65
DNS A 0xff.memzero.info -> no response
DNS A 0x80.my-secure.name -> 194.109.11.65
connect 194.109.11.65
port 1037 -> 6556
USER jkbtlmytls jkbtlmytls jkbtlmytls :xLegion/0x030
NICK jkbtlmytls
etc....
Is the malware actively misleading Norman?
cheers
andrej
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets