|
Vulnerability Development
mailing list archives
Re: Suspicious JOe.exe
From: "Sould3mon" <Sould3mon () killall net>
Date: Sat, 4 Aug 2001 05:28:26 +0200
i am on dalnet were simmelair files are being sended on join of channels
these files are named <somthingto-do-with-sex>.mpeg.zip
in it there was 1 exe file
what i found in it was
inclear text
<ircserver> <port> <channel> <pass> notice <nick> newvic
the actual line copy & pasted
...bind........backdoored.mine.nu 6667 #vics penile notice ntman newvics
this an other .exe sended on dalnet to me
...bind.........ipz.mine.nu.6667.#ip.notice wicked.freshy
both irc servers do not exist not at the time i tested them
in this zobie version both were in clear text i think the notice part
also counts for the joe.exe
but it could be any msg :/
but in this version it came right after the network + port
( i do not know if anyone already mailed this 1 my first day in this mail
group i am sorry if it was)
 By Date 
By Thread
Current thread:
- Re[2]: Suspicious joe.exe, (continued)
|
Intro
