To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- I'd like to quote Joe, for historical purposes:
Obviously there is money being made here - the economics of exploiting end-user systems for the purposes of spam has been an established business model for at least four years now. Can your antivirus protect you from becoming part of the proxy network? Not by itself - we saw that with the release of Mocbot, only 1/3 of tested antivirus scanners detected it, even though it was little changed from the variants released over the previous six months. Another factor is the use of the IRC C&C to provide instructions to automatically download the second-stage trojan executable. If your antivirus company is not spying on these control channels on an ongoing basis, there is no way to know what malware is being installed after the initial infection. So, when you remove Mocbot from an infected system, the malware that was subsequently downloaded may go undetected for some time - which is fine with the botherder, as thats the executable they really wanted you to run anyway. ---- He has a knack to put things we know to be true but say in an hour, down to two sentences. http://www.lurhq.com/mocbot-spam.html Gadi. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
