Vulnerability Development mailing list archives

Re: Suspicious JOe.exe

From: "Sould3mon" <Sould3mon () killall net>
Date: Sat, 4 Aug 2001 05:28:26 +0200

i am on dalnet were simmelair  files are being sended on join of channels
these files are named <somthingto-do-with-sex>.mpeg.zip
in it there was 1 exe file
what i found in it was
inclear text

<ircserver> <port> <channel> <pass>  notice <nick> newvic

the actual line copy & pasted

...bind........backdoored.mine.nu 6667 #vics penile notice ntman newvics

this an other .exe  sended on dalnet to me
...bind.........ipz.mine.nu.6667.#ip.notice wicked.freshy

both irc servers do not exist not at the time i tested them
in this zobie version both were in clear text   i think the notice part
also counts for  the joe.exe
but it could be any msg :/
but in this version it came right after the network + port

( i do not know if anyone already mailed this 1  my first day in this mail
group i am sorry if it was)

Current thread:

RE: Suspicious joe.exe, (continued)
- - RE: Suspicious joe.exe Reb (Aug 02)
- RE: Suspicious joe.exe Petruzel, Oliver (Aug 02)
- RE: Suspicious joe.exe Reb (Aug 02)
  - RE: Suspicious joe.exe Mark L'Italien (Aug 02)
    - RE: Suspicious joe.exe Bo Stark (Aug 02)
    - Re[2]: Suspicious joe.exe Greg Wirth (Aug 03)
  - RE: Suspicious joe.exe Haul (Aug 02)
- Re: Suspicious JOe.exe OblivionO (Aug 03)
  - Re: Suspicious JOe.exe Tony Lambiris (Aug 03)
  - Re: Suspicious JOe.exe oktal (Aug 03)
    - Re: Suspicious JOe.exe Sould3mon (Aug 03)
- RE: Suspicious JOe.exe Petruzel, Oliver (Aug 03)
- Re: Suspicious joe.exe sea urchin attacks (Aug 05)
- Re: Suspicious JOE.EXE Roy Wilson (Aug 05)