Vulnerability Development mailing list archives
Re: Suspicious JOe.exe
From: OblivionO () aol com
Date: Fri, 3 Aug 2001 14:37:41 EDT
I ran a hex editor on a copy of Joe.exe that was sent to me and although i found most of the same information as the strings command, i was unable to find the request of invite. Upon entering the iRC network that joe.exe is connecting to i tried to enter channel "#penr0x". It is invite only, whcih leads me to believe that when the zombie connects to irc it sends a request to a bot or botnetwork with a specific phrase, ordering the botnet to invite it to #penr0x.... My question is where would this phrase/nick be located in the file? i cant seem to find it although it seems to me that it should be in plain text... ~ Chris
Current thread:
- Re: Suspicious joe.exe, (continued)
- Re: Suspicious joe.exe Felix Huber (Aug 02)
- Re: Suspicious joe.exe Josh Smith (Aug 02)
- RE: Suspicious joe.exe Haul (Aug 02)
- RE: Suspicious joe.exe Reb (Aug 02)
- RE: Suspicious joe.exe Petruzel, Oliver (Aug 02)
- RE: Suspicious joe.exe Reb (Aug 02)
- RE: Suspicious joe.exe Mark L'Italien (Aug 02)
- RE: Suspicious joe.exe Bo Stark (Aug 02)
- Re[2]: Suspicious joe.exe Greg Wirth (Aug 03)
- RE: Suspicious joe.exe Mark L'Italien (Aug 02)
- RE: Suspicious joe.exe Haul (Aug 02)
- Re: Suspicious JOe.exe OblivionO (Aug 03)
- Re: Suspicious JOe.exe Tony Lambiris (Aug 03)
- Re: Suspicious JOe.exe oktal (Aug 03)
- Re: Suspicious JOe.exe Sould3mon (Aug 03)
- RE: Suspicious JOe.exe Petruzel, Oliver (Aug 03)
- Re: Suspicious joe.exe sea urchin attacks (Aug 05)
- Re: Suspicious JOE.EXE Roy Wilson (Aug 05)