[48797] in North American Network Operators' Group
Re: NANOG wins a bot
daemon@ATHENA.MIT.EDU (Joseph T. Klein)
Tue Jun 18 00:43:16 2002
Date: Tue, 18 Jun 2002 04:40:09 -0000
From: "Joseph T. Klein" <jtk@titania.net>
To: Rob Thomas <robt@cymru.com>, NANOG <nanog@merit.edu>
In-Reply-To: <ROTMAILER.0206172316550.29371-100000@dragon.sauron.net>
Errors-To: owner-nanog-outgoing@merit.edu
Is this part of the debate regarding security of closed source systems
vs. open source systems?
--On Monday, 17 June 2002 23:22 -0500 Rob Thomas <robt@cymru.com> wrote:
>
> Hi, all.
>
> This evening the NANOG mailing list received e-mail from a "jim bruer,"
> aka jim_teh_man@yahoo.com. This e-mail, with a topic of "ConfigMaker
> Beta" (a Cisco product) included an attachment labelled as
> "cisco_configmaker.exe." This is actually a war bot known as Slackbot,
> version 1.0. This bot attempts to connect to the IRC server
> irc.easynews.com, 140.99.102.3. This IP address is part of the
> 140.99.96.0/19 prefix announced by ASN 2 (ACES Research - The Tucson
> Interconnect). The channel is #midgets_in_drag with no channel key.
> The server is not running, so this botnet (perhaps an old one) is not
> available for woe. The bot runs on Windows as wuordona.exe, and
> installs in c:\winnt\.
>
> This is likely an attempt by some miscreants to build a botnet through
> the e-mail spam method. Since Slackbot does not include a spam
> mechanism, some other bit of malware must be involved.
>
> Thanks,
> Rob.
> --
> Rob Thomas
> http://www.cymru.com
> ASSERT(coffee != empty);
>
>
>
--
Joseph T. Klein +1 414 628 3380
Speaking for self. jtk@titania.net