[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] DCOM WORM - preface
- To: "morning_wood" <se_cur_ity@hotmail.com>, <full-disclosure@lists.netsys.com>, "0day" <0day@nothackers.org>
- Subject: Re: [Full-Disclosure] DCOM WORM - preface
- From: "sf" <sf@diffusion.net>
- Date: Fri, 15 Aug 2003 21:28:11 -0400
ya i got more questions.
so you are ddosing yourself? are you complaining cuz this sdbot net is
attacking you? why is your dns being used? are you pissing people off
again?
its interesting to see people take the time to make a personal version for
you.
----- Original Message -----
From: "morning_wood" <se_cur_ity@hotmail.com>
To: "sf" <sf@diffusion.net>; <full-disclosure@lists.netsys.com>; "0day"
<0day@nothackers.org>
Sent: Friday, August 15, 2003 8:12 PM
Subject: Re: [Full-Disclosure] DCOM WORM - preface
> if you look at the sample you will see those are connect strings of the
> sdbot
> attacking my system from infected systems
>
>
> > jihpt@ nigga2 exploitlabs.com #0sec nigger exploitlabs.com
> > #whore nigger
> exploitlabs.com <---- server (dns ) to attack
> #0sec <--- chanel to join
> nigger / nigga2 <--- password for the bots
>
> >
> > Proc32.exe
> ^^^^^^^^---- if you have this you are infected and attacking me
>
>
> > Critical Process Monitor
> > mIRC v6.03 Khaled Mardam-Bey
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^--------- basic irc interface component in the
> sdbot
>
> >
> >
> > wtf is that supposed to be?
> >
> >
>
> any more questions? try to analyse the info first ok, try looking at the
> sdbot configuration and you will see these things clearly as options.
>
> Donnie Werner
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html