Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

keylogger botnet #!!edu2k4 born again

From: Doug Pearson <dodpears () INDIANA EDU>
Date: Tue, 20 Apr 2004 21:46:15 -0500
The keylogger botnet #!!edu2k4 mentioned here:

        Subject: keylogger bots on #!!edu2k4
        Date: Thu, 08 Apr 2004 09:31:29 -0500

has resurfaced on what appears to be a rogue IRC using the DNS names:

        starman.cocaine.cc
        rofl.blood.gs

Traffic is on port 6667.

124 .edu domains have been observed with bot.

Working with Internet2 Abilene network engineering we placed a filter in the Abilene network against the host that 
resolves to the DNS names and have contacted the NOC serving that network.


Doug Pearson
Research and Education Networking ISAC
http://www.ren-isac.net
Watch Desk 24x7: +1(317)278-6630

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: