Educause Security Discussion mailing list archives
Botnet #b4u-movies
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Thu, 19 Aug 2004 15:33:01 -0500
The irc.rizon.net IRC network described below is serving a movie piracy botnet. It's uncertain whether some of the participating IRC servers are engaged in other non-piracy or malware purposes.

#Bollywood is the user access channel and #B4U-Movies appears to be a channel used to hold botted hosts in reserve for employ as distribution systems.

On the #B4U-Movies channel, 62 botted systems at 21 EDU institutions were observed. Those institutions are being contacted individually regarding their observed compromised systems.

Few non-EDU bots in #B4U-Movies channel were observed. The network appears to favor EDU-based distribution hosts.

Doug Pearson
dodpears () indiana edu
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu

IRC network: irc.rizon.net

Participating servers:

The above hosts are in networks:

-o0o-

Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.