Full Disclosure mailing list archives
Re: What is this
From: Jeremy <intrusiondetection () gmail com>
Date: Mon, 8 Aug 2005 16:02:22 -0400
On 8/8/05, Armando Rogerio Brandão Guimaraes Junior <arjunior () attps com br> wrote:
> Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot doesn't detect!!!
>
> Armando Guimarães Jr

Installs a bot. Looks up lists2.dc21business.com, connects to an IRC server on port 12000. Joins a few rooms. Gets a message/command to download http://home.comcast.net/~soliveria/n3.exe . Does so, then gets a message to download http://home.comcast.net/~ebaker1973/up.exe . Reports to http://dos2.deadlist.net/ . Joins another IRC server at 204.8.34.78 port 12000. Gets told to download http://hec-ulg-entrepreneurs.com/3.exe , then http://hec-ulg-entrepreneurs.com/1.exe . Starts a netbios scan of local network. Joins several different irc chats. It just keeps going and going and going....

Lots of spyware, lots of malware, chaos.

Still watching,
~J

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
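The behaviour chain reported in the message above (IRC on a non-standard port, then .exe downloads over HTTP, then a NetBIOS sweep of the local network) can be correlated per host from connection logs. The following is an added example, not part of the original post; the log format, the sample records, the standard-IRC-port list and the fan-out threshold are all assumptions.

```python
import re
from collections import defaultdict

IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG)\b")
EXE_GET = re.compile(r"^GET \S+\.exe\b", re.I)
STD_IRC_PORTS = set(range(6660, 6670)) | {6697}  # assumed "normal" IRC ports
NETBIOS_PORTS = {137, 138, 139}
SCAN_FANOUT = 5  # assumed threshold: distinct peers before calling it a scan
CHAIN = ["irc_odd_port", "exe_download", "netbios_scan"]

# Constructed sample records (not captured traffic): time src dst dport summary
SAMPLE = """\
100 10.0.0.5 192.0.2.10 12000 NICK xk3
101 10.0.0.5 192.0.2.10 12000 JOIN #chan
130 10.0.0.5 198.51.100.7 80 GET /a.exe HTTP/1.0
160 10.0.0.5 10.0.0.11 139 SYN
161 10.0.0.5 10.0.0.12 139 SYN
162 10.0.0.5 10.0.0.13 139 SYN
163 10.0.0.5 10.0.0.14 139 SYN
164 10.0.0.5 10.0.0.15 139 SYN
200 10.0.0.9 203.0.113.4 6667 JOIN #help
210 10.0.0.9 198.51.100.9 80 GET /index.html HTTP/1.0
220 10.0.0.8 198.51.100.7 80 GET /setup.exe HTTP/1.0
"""

def stages_by_host(log_text):
    """Return {src: [stage, ...]} in first-seen order for each source host."""
    stages, peers = defaultdict(list), defaultdict(set)
    def mark(src, stage):
        if stage not in stages[src]:
            stages[src].append(stage)
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or not parts[3].isdigit():
            continue  # skip malformed records
        _, src, dst, dport, summary = parts
        dport = int(dport)
        if IRC_CMD.match(summary) and dport not in STD_IRC_PORTS:
            mark(src, "irc_odd_port")      # IRC protocol on an unusual port
        elif dport == 80 and EXE_GET.match(summary):
            mark(src, "exe_download")      # executable fetched over plain HTTP
        elif dport in NETBIOS_PORTS:
            peers[src].add(dst)
            if len(peers[src]) >= SCAN_FANOUT:
                mark(src, "netbios_scan")  # one host touching many peers
    return dict(stages)

def infected_hosts(log_text):
    """Hosts showing the full chain, in the order the post describes."""
    return sorted(h for h, s in stages_by_host(log_text).items() if s == CHAIN)
```

Any single stage on its own (a lone .exe download, IRC on a standard port) is not flagged; only the ordered combination is, which keeps the rule from firing on ordinary user activity.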