Educause Security Discussion mailing list archives

Botnet #b4u-movies


From: Doug Pearson <dodpears () INDIANA EDU>
Date: Thu, 19 Aug 2004 15:33:01 -0500

The irc.rizon.net IRC network described below is serving a movie piracy botnet. It's uncertain whether some of the 
participating IRC servers are engaged in other non-piracy or malware purposes. #Bollywood is the user access channel 
and #B4U-Movies appears to be a channel used to hold botted hosts in reserve for employ as distribution systems. On the 
#B4U-Movies channel, 62 botted systems at 21 EDU institutions were observed. Those institutions are being contacted 
individually regarding their observed compromised systems. Few non-EDU bots in the #B4U-Movies channel were observed. The 
network appears to favor EDU-based distribution hosts.

Doug Pearson
dodpears () indiana edu
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu


IRC network: irc.rizon.net
Participating servers:

The above hosts are in networks:

-o0o-

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
