<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: Suspicious JOe.exe

Re: Suspicious JOe.exe

From: <OblivionO_at_aol.com>
Date: Fri, 3 Aug 2001 14:37:41 EDT

I ran a hex editor on a copy of Joe.exe that was sent to me and although i
found most of the same information as the strings command, i was unable to
find the request of invite. Upon entering the iRC network that joe.exe is
connecting to i tried to enter channel "#penr0x". It is invite only, whcih
leads me to believe that when the zombie connects to irc it sends a request
to a bot or botnetwork with a specific phrase, ordering the botnet to invite
it to #penr0x.... My question is where would this phrase/nick be located in
the file? i cant seem to find it although it seems to me that it should be in
plain text...

~ Chris
Received on Aug 03 2001

This message: [ Message body ]
Next message: Tomasz Wendlandt: "Re: slackware permissions"
Previous message: Greg Wirth: "Re[2]: Suspicious joe.exe"
Next in thread: Tony Lambiris: "Re: Suspicious JOe.exe"
Reply: Tony Lambiris: "Re: Suspicious JOe.exe"
Reply: oktal_at_gmx.co.uk: "Re: Suspicious JOe.exe"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos