I bow to your superior google skills. My spanish is horrible, but my boss happens to be Puerto Rican. :-) Checking for stde9 (the installer), you find it's pretty common among many of the trojans. So, this isn't entirely new work, itself. The mIRC, the installer, even the packet streaming utility are all recycled. It's the command/control function that might be of more interest. On Friday, March 7, 2003, at 06:35 PM, Alex Lambert wrote: > Googling for columbus.private.net (the server's asserted 'name'), a few > things turn up: > > http://www.google.com/ > search?q=%22columbus.private.net%22&hl=en&lr=&ie=UTF-8 > &oe=UTF-8&safe=off&filter=0 > > My Spanish isn't great, but it can do DDoS and is similar to > WORM_AGOBOT.C. > > > > > apl > > > ----- Original Message ----- > From: "Andy Shelley" <andyat_private> > To: <incidentsat_private> > Sent: Friday, March 07, 2003 4:51 PM > Subject: new ddos client? > > > -- Andy Shelley Cbeyond Communications andyat_private ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 09:24:47 PST