Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Botnet is back, and some info FYI.
From: BahdKo <bahdko () erols com>
Date: Thu, 06 Jan 2005 14:57:01 +0200
Hi everyone,

I wanted to let you know how this worked out.

The packets that were coming into my network stopped for a few days, and then restarted. This time, I was ready with netcat. I 
had netcat listen on port 3127 and grabbed the payload from a couple of connections. It looks like the bots are using a utility 
from the www.steelbytes.com website ("port tunnel" maybe), and when Norton Antivirus looked at the file, it identified 
it as being related to or otherwise infected with Bloodhound.Mydoom.Cli. I have the contents from one of the tcp sessions up at 
http://www.sbbsnet.net/netcatfile.gz, if anyone wants to see it. This file may contain the actual virus.

Regards,

--Laura

  By Date           By Thread  

Current thread:
  • Botnet is back, and some info FYI. BahdKo (Jan 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]