Security Incidents mailing list archives
Re: new ddos client?
From: Andy Shelley <andy () cbeyond net>
Date: Fri, 7 Mar 2003 23:32:36 -0500
I bow to your superior google skills. My spanish is horrible, but my boss happens to be Puerto Rican. :-)
Checking for stde9 (the installer), you find it's pretty common among many of the trojans. So, this isn't entirely new work, itself. The mIRC, the installer, even the packet streaming utility are all recycled. It's the command/control function that might be of more interest.
On Friday, March 7, 2003, at 06:35 PM, Alex Lambert wrote:
Googling for columbus.private.net (the server's asserted 'name'), a few things turn up:http://www.google.com/ search?q=%22columbus.private.net%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&filter=0My Spanish isn't great, but it can do DDoS and is similar to WORM_AGOBOT.C.apl ----- Original Message ----- From: "Andy Shelley" <andy () cbeyond net> To: <incidents () securityfocus com> Sent: Friday, March 07, 2003 4:51 PM Subject: new ddos client?
-- Andy Shelley Cbeyond Communications andy () cbeyond net ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>
Current thread:
- new ddos client? Andy Shelley (Mar 07)
- Re: new ddos client? Alex Lambert (Mar 10)
- Re: new ddos client? Andy Shelley (Mar 10)
- Re: new ddos client? Alex Lambert (Mar 10)