[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DCOM WORM - preface

To: "sf" <sf@diffusion.net>, <full-disclosure@lists.netsys.com>, "0day" <0day@nothackers.org>
Subject: Re: [Full-Disclosure] DCOM WORM - preface
From: "morning_wood" <se_cur_ity@hotmail.com>
Date: Fri, 15 Aug 2003 17:12:59 -0700

if you look at the sample you will see those are connect strings of the
sdbot
attacking my system from infected systems


> jihpt@ nigga2 exploitlabs.com #0sec nigger exploitlabs.com
> #whore nigger
exploitlabs.com  <---- server (dns ) to attack
#0sec <--- chanel to join
nigger / nigga2 <--- password for the bots

>
> Proc32.exe
    ^^^^^^^^---- if you have this you are infected and attacking me


> Critical Process Monitor
> mIRC v6.03 Khaled Mardam-Bey
^^^^^^^^^^^^^^^^^^^^^^^^^^^^--------- basic irc interface component in the
sdbot

>
>
> wtf is that supposed to be?
>
>

any more questions? try to analyse the info first ok, try looking at the
sdbot configuration and you will see these things clearly as options.

Donnie Werner

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] DCOM WORM - preface
  - From: "sf" <sf@diffusion.net>
- Re: [Full-Disclosure] DCOM WORM Killer 2.0
  - From: w g <xillwillx@yahoo.com>

References:
- [Full-Disclosure] DCOM WORM - preface
  - From: "morning_wood" <se_cur_ity@hotmail.com>
- Re: [Full-Disclosure] DCOM WORM - preface
  - From: "sf" <sf@diffusion.net>

Prev by Date: Re: [Full-Disclosure] DCOM WORM - preface
Next by Date: RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]
Prev by thread: Re: [Full-Disclosure] DCOM WORM - preface
Next by thread: Re: [Full-Disclosure] DCOM WORM - preface
Index(es):
- Date
- Thread