To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Title: [botnets] New Botnet or what

From: John Holan [mailto:[EMAIL PROTECTED]
Sent: Thu 10/5/2006 3:43 PM
To: botnets@whitestar.linuxbox.org
Subject: [botnets] New Botnet or what

Hi,
Killed a Trojan on a workstation that was constantly connecting to
66.197.216.149 on port 80.
It uses filenames associated with Backdoor.Haxdoor, but they are not
detected by any AV or anti-spyware software that I have tried.
Unfortunately, I did not trap any of the traffic it generated, only the
logs. And I am still analyzing them.
Any suggestions?

More info

192.168.10.119 Accessed URL
66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)
--------------------------------------
66.197.216.149/Ffgj3dsw/bsrv.php?
lang=ENU&
pal=0&
bay=0&
gold=0&
id=2222&
param=16661&
socksport=20454&
httpport=21219&
uptimem=51&
uptimeh=62&
uid=[5278947655522557439]&
wm=0&
ver=88(A)
-------------------------------------

John
IS Analyst

What AV did you test with? Just curious.

Thank you.
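
One way to sweep proxy logs for other workstations making the same check-in, as an added example that is not part of the original thread. It matches on the parameter names in the logged URL rather than on the server address, and assumes one log entry per line in the layout "<client> Accessed URL <host>:<path>?<query>"; the function names and the two extra sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Parameter names copied from the check-in URL quoted in the post.
BEACON_KEYS = {"lang", "pal", "bay", "gold", "id", "param", "socksport",
               "httpport", "uptimem", "uptimeh", "uid", "wm", "ver"}

# Assumed log layout, modelled on the post's line:
#   <client> Accessed URL <host>:<path>?<query>
LINE_RE = re.compile(r"^(?P<client>\S+)\s+Accessed URL\s+"
                     r"(?P<host>[^/:\s]+)(?::\d*)?(?P<path>/[^?\s]*)\?(?P<query>\S+)$")

def parse_checkin(line, min_keys=10):
    """Return the check-in fields, or None if the line does not look like one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    params = {k: v[0] for k, v in
              parse_qs(m["query"], keep_blank_values=True).items()}
    # Match on parameter names, not on the server IP or path, which can change.
    if len(BEACON_KEYS.intersection(params)) < min_keys:
        return None
    ports = {k: int(params[k]) for k in ("socksport", "httpport")
             if params.get(k, "").isdecimal() and 0 < int(params[k]) < 65536}
    return {"client": m["client"], "server": m["host"], "path": m["path"],
            "uid": params.get("uid", "").strip("[]"),
            "ver": params.get("ver"), "reported_ports": ports}

def infected_clients(lines):
    """Map each internal client to the servers and ports it reported."""
    found = {}
    for line in lines:
        hit = parse_checkin(line)
        if hit:
            entry = found.setdefault(
                hit["client"], {"servers": set(), "reported_ports": {}, "hits": 0})
            entry["servers"].add(hit["server"])
            entry["reported_ports"].update(hit["reported_ports"])
            entry["hits"] += 1
    return found

# First line is the log entry from the post; the other two are constructed.
SAMPLE_LOG = [
    "192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)",
    "192.168.10.50 Accessed URL www.example.com:/search.php?lang=ENU&id=7",
    "192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=53&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)",
]

if __name__ == "__main__":
    for client, info in infected_clients(SAMPLE_LOG).items():
        print(client, sorted(info["servers"]), info["reported_ports"], info["hits"])
```

Any client this returns can then be checked for listeners on the ports it reported in socksport and httpport.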

_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
