> It's another mIRC based DDoS trojan that scans for NT-Password and IIS
> unicode exploits.

> So the next question is... How do we go about apprehending the culprits?
> Can we somehow get wxmail.net revoked?

IRC bots are a common plague. We do play 'whack the bot' once in a while if we find out about it. So far, I have yet to see a case successfully prosecuted.

The best bet is to call whoever hosts the IRC server and have them yank the server. Be ready to find some resistance and confusion as you talk to your first 'tech support' person about IRC bots. Try to get through to a security contact.

It looks like the particular server you were monitoring is no longer responding. So maybe they already took care of it.

Regarding prosecuting: Talk to your local FBI office and see if you can get them interested. However, usually they don't bother unless you have significant damages (the 'official' threshold of $5,000 is usually not enough).

If whoever is hosting this server is not cooperating, you may want to try going for a civil suit. It's probably more promising but you need the stomach/money for it.

If you need any further help, contact me off-list.

--
jullrichat_private
Collaborative Intrusion Detection
join http://www.dshield.org
This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 10:33:03 PST