nanog mailing list archives
Re: NANOG wins a bot
From: "Joseph T. Klein" <jtk () titania net>
Date: Tue, 18 Jun 2002 04:40:09 -0000
Is this part of the debate regarding security of closed source systems vs. open source systems?

--On Monday, 17 June 2002 23:22 -0500 Rob Thomas <robt () cymru com> wrote:

Hi, all.

This evening the NANOG mailing list received e-mail from a "jim bruer," aka jim_teh_man () yahoo com. This e-mail, with a topic of "ConfigMaker Beta" (a Cisco product) included an attachment labelled as "cisco_configmaker.exe." This is actually a war bot known as Slackbot, version 1.0.

This bot attempts to connect to the IRC server irc.easynews.com, 140.99.102.3. This IP address is part of the 140.99.96.0/19 prefix announced by ASN 2 (ACES Research - The Tucson Interconnect). The channel is #midgets_in_drag with no channel key. The server is not running, so this botnet (perhaps an old one) is not available for woe.

The bot runs on Windows as wuordona.exe, and installs in c:\winnt\.

This is likely an attempt by some miscreants to build a botnet through the e-mail spam method. Since Slackbot does not include a spam mechanism, some other bit of malware must be involved.

Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
-- Joseph T. Klein +1 414 628 3380 Speaking for self. jtk () titania net
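A defensive hunt for the indicators listed in the quoted report (attachment name, installed path, IRC host, address, prefix and channel), added here as an example and not part of the original thread. The key=value log layout, the host names and the addresses other than 140.99.102.3 are constructed assumptions.

```python
import ipaddress
import re

# Indicators quoted in the report above.
C2_HOST = "irc.easynews.com"
C2_IP = ipaddress.ip_address("140.99.102.3")
C2_PREFIX = ipaddress.ip_network("140.99.96.0/19")
CHANNEL = "#midgets_in_drag"
ATTACHMENT = "cisco_configmaker.exe"
INSTALLED = r"c:\winnt\wuordona.exe"
# Constructed events; the key=value layout and host names are assumptions.
SAMPLE_EVENTS = [
    'type=mail rcpt=ops@example.net attachment="Cisco_ConfigMaker.exe"',
    'type=proc host=ws12 image="C:\\WINNT\\wuordona.exe"',
    'type=dns host=ws12 query=irc.easynews.com.',
    'type=conn host=ws12 dst=140.99.102.3',
    'type=conn host=ws40 dst=140.99.100.9',
    'type=irc host=ws12 line="JOIN #midgets_in_drag"',
    'type=conn host=ws07 dst=192.0.2.10',
]
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def classify(event):
    """Name each indicator an event matches; file names, DNS names and IRC channels compare case-insensitively."""
    hits = []
    if event.get("attachment", "").lower() == ATTACHMENT:
        hits.append("attachment-name")
    if event.get("image", "").lower() == INSTALLED:
        hits.append("installed-binary")
    if event.get("query", "").lower().rstrip(".") == C2_HOST:
        hits.append("c2-dns")
    try:
        dst = ipaddress.ip_address(event.get("dst", ""))
    except ValueError:
        dst = None  # missing or malformed address: no network match
    if dst == C2_IP:
        hits.append("c2-ip")
    elif dst is not None and dst in C2_PREFIX:
        hits.append("c2-prefix-only")  # the /19 holds other hosts: weak signal
    words = event.get("line", "").lower().split()
    if len(words) > 1 and words[0] == "join" and CHANNEL in words[1].split(","):
        hits.append("c2-channel")
    return hits

def hunt(lines):
    return [(l, h) for l in lines if (h := classify(parse(l)))]
```

A `c2-prefix-only` hit means only that the destination sits in the same announced prefix, so it is worth a look when the same host also shows one of the other indicators.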
Current thread:
- NANOG wins a bot Rob Thomas (Jun 17)
- Re: NANOG wins a bot Joseph T. Klein (Jun 17)
- Re: NANOG wins a bot Rob Thomas (Jun 17)
- RE: NANOG wins a bot Matt Levine (Jun 17)
- Re: NANOG wins a bot Joseph T. Klein (Jun 17)