Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: FW: Sub-7

FW: Sub-7

From: Abel Wisman <abel_at_ABLE-TOWERS.COM>
Date: Thu, 8 Jun 2000 14:15:31 +0200

this is output in a channel on irc:

17:10] *** Joins: cwc
[17:10] <cwc> Sub7Server v.2.1 installed on port: 27374, ip:
195.252.137.208 - victim: pechfregel - password: rasta
[17:10] *** Quits: dt018 (Leaving)
[17:10] *** Joins: kwxqry
[17:10] <kwxqry> Sub7Server v.2.1 installed on port: 27374, ip:
213.6.181.193 - victim: pechfregel - password: rasta
[17:10] <moxbj> Sub7Server v.2.1 installed on port: 27374, ip:
62.157.13.4 - victim: pechfregel - password: rasta
[17:10] <pjv> Sub7Server v.2.1 installed on port: 27374, ip:
192.168.10.52 - victim: pechfregel - password: rasta
[17:10] *** Joins: xakjbl
[17:10] <xakjbl> Sub7Server v.2.1 installed on port: 27374, ip:
62.224.173.111 - victim: pechfregel - password: rasta
[17:10] <paxlp> Sub7Server v.2.1 installed on port: 27374, ip:
195.71.25.254 - victim: pechfregel - password: rasta
[17:10] <sjil> Sub7Server v.2.1 installed on port: 27374, ip:
195.131.87.73 - victim: pechfregel - password: rasta
[17:11] <fwwm> Sub7Server v.2.1 installed on port: 27374, ip:
62.224.200.40 - victim: pechfregel - password: rasta
[17:11] *** Joins: yagc
[17:11] <yagc> Sub7Server v.2.1 installed on port: 27374, ip:
213.6.119.91 - victim: pechfregel - password: rasta
[17:12] <bstdm> Sub7Server v.2.1 installed on port: 27374, ip:
193.159.1.191 - victim: pechfregel - password: rasta
[17:12] <uen> Sub7Server v.2.1 installed on port: 27374, ip:
-193.0.81.2-192.168.171.26-193.159.10.204- - victim: pechfregel -
password: rasta

(attached log)

abel wisman

ABLE-TOWERS is a division of UROwear Llc which in turn is a division of ABLE
Consultancy Holding BV

we recommend you visit these pages:

www.able-towers.com (hosting)
www.ul.org (domainregistration)
www.nut-shell.com (webdesign)
www.webdesignsdirect.com (webdesign)

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS_at_SECURITYFOCUS.COM]On
Behalf Of Khan, Mansoor
Sent: maandag 5 juni 2000 19:49
To: INCIDENTS_at_SECURITYFOCUS.COM
Subject: Sub-7

I was wondering if any one has any experience with this Trojan (Sub-7).
I am interested in finding out if it sends info through a general
broadcast to chat rooms. Additionally, what specific info does it send
(from a w-95 machine) e.g. registry settings, user ids and passwords
etc.

Thanks,
Received on Jun 08 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos