NANOG wins a bot
Joseph T. Klein
jtk at titania.net
Tue Jun 18 04:40:09 UTC 2002

Is this part of the debate regarding security of closed source systems
vs. open source systems?

--On Monday, 17 June 2002 23:22 -0500 Rob Thomas <robt at cymru.com> wrote:
>
> Hi, all.
>
> This evening the NANOG mailing list received e-mail from a "jim bruer,"
> aka jim_teh_man at yahoo.com. This e-mail, with a topic of "ConfigMaker
> Beta" (a Cisco product) included an attachment labelled as
> "cisco_configmaker.exe." This is actually a war bot known as Slackbot,
> version 1.0. This bot attempts to connect to the IRC server
> irc.easynews.com, 140.99.102.3. This IP address is part of the
> 140.99.96.0/19 prefix announced by ASN 2 (ACES Research - The Tucson
> Interconnect). The channel is #midgets_in_drag with no channel key.
> The server is not running, so this botnet (perhaps an old one) is not
> available for woe. The bot runs on Windows as wuordona.exe, and
> installs in c:\winnt\.
>
> This is likely an attempt by some miscreants to build a botnet through
> the e-mail spam method. Since Slackbot does not include a spam
> mechanism, some other bit of malware must be involved.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> http://www.cymru.com
> ASSERT(coffee != empty);
>
>
>
--
Joseph T. Klein +1 414 628 3380
Speaking for self. jtk at titania.net