Musical irc bot backdoor?

From: Eric Appelboom (ericat_private)
Date: Wed Aug 06 2003 - 09:08:45 PDT


    Has anyone seen traffic of a new? irc bot talking on tcp 2234...
    I have already found 2 hosts on our private network infected, both fully
    patched (besides IE)
    
    Try doing a tcpdump on tcp 2234 and see if anyone else is seeing this.
    
    It wasn't picked up by Trend OfficeScan, or WebManager (http) or
    MailMarshal.
    
    Seems like a p2p type of irc botnet which always contact each other, all
    appearing to be irc servers,
    but using band names for nicks, seemingly replicating the nicks to each
    other...
    
    Suspect it is rather new but the number of infected hosts appears huge
    as I saw one of our firewalls
    working quite hard dropping the packets.
    
    The only way I can see it propagating is via http (iexplorer vuln).
    
    Cheers
    Eric
    
    T x.x.x.146:2234 -> x.x.x.159:2452 [AP]
      1....1.......dr.zoooidberg+.......propellerheads
    .mpg.....1.......xtc2........franzine!....1.......abc47KZ......GTB
    Entropy'....1.......LazyWHC4.......E-Town Concrete.....1.
      ......joseluis100@............1.......lets jump now@.......minnie
    ripington.....1.......basil<.......C'est Pas Moi C'est Lui
    /....1.......solano2.8......stereophonics you go
      tta-....1.......precorain........ATE Sometihing
    Real.....1.......noortekas.............1.......ewor........chillout$....
    1.......zafetX.......Take My Heart D....1.......sNoei
      pOes....*...earth & fire song of the marching
    children-....1.......nsrnicekq-......kelly ignition
    remix$....1.......upiau........cavalo
    marinho5....1.......Intransit=.......
      queens of the stone age csr!....1.......franek.+......bill&
    tony0....1.......Conspiracy8........army of the
    pharaohs"....1.......jonessskjhda........edyta1....1.......Skoorp
      as........Superchumbo This Beat Is"....1.......kadotch#.......ABC
    sports,....1.......jp_steed........DAVID BOWIE
    REALITY&....1.......Muchacha&.......cesaria evora!....1.....
      ..mdr shay........no doubt@....1.......tergopaul....&...contemporary
    punk unit can you compute*....1.......all-vox-man........johnny
    kontrol4....1.......Crag 1985b.......it'
      s a beautiful day today'....1.......chuckonpointG.......kinks
    lola-....1.......badest.s......louie austen easy
    love+....1.......fabrizio.dp`.......do   
    
    T x.x.217.31:2234 -> x.x.164:2006 [AR]
      Go away, we're not home     
    
    T x.x.x.164:1983 -> x.x.x.131:2240 [AP]
      .........4......someoneoutthere 
    
     (....1.......jjaazzzz.$......ivy -
    realistic1....1.......MiguelPL........STAWKA WI.KSZA NI.
    .YCIE.....1.......djsunyC.......geylang'....1.......Linute?.......Marcia
    Griffith
      s.....1.......locke1978........mana ....1.......Zoiding.e......u
    reckon2....1.......xiaolingS.......Another Day Another
    Drone2....1.......DaNi23........amistad - chill out a
      mbient*....1.......Mike Stone........city-Am
    fenster$....1.......irq506........basic
    channel1....1.......jim_jam........terry riley you're
    nogood.....1.......awalid7.......d
      sny.....1.......loroboro4.......Moloko)....1.......velox.
    ......Afro-Indian Project'....1.......Garglebee%E......big joe
    krash3....1.......teotetoereC.......psichic warriors
       of gaia,....1.......drpillx.......pavement slow
    century%....1.......Gorabilbo........epica
    ghost9....1.......svidurr....!...zecharia sitchin earth
    chronicles'....1.......Q-
      Ok".......se.monto.la.gorda.%....1.......no_joel3.......susana
    spears$....1.......djsfd........belle
    lawrence!....1.......aquagak4.......Phonecia .....1.......couture.......
      .ms0....1.......ghitaar........amazing flying
    orchestra)....1.......Grave-Architect;.......supernova$....1.......regre
    gregw.......noir desir.....1.......BelzebubeNRW*.......
      .....1.......squowse........'....1.......mgriggs7`.......radiohead
    live.....1.......zyph........jim st.rk'....1.......monkey
    magic........jeff mills/ 
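
A triage helper for captures like the one above, added here as an example and not part of the original post: it reads ngrep-style packet header lines, keeps flows that touch TCP 2234, and lists which internal hosts are involved, with how many peers and on which side of the connection. Assumptions: "internal" means RFC 1918 space, the sample capture and its addresses are constructed, and a host seen both listening on and connecting out to 2234 is treated as matching the peer-to-peer behaviour the post describes.

```python
import ipaddress
import re
from collections import defaultdict

SUSPECT_PORT = 2234  # TCP port reported in the post
# Assumption: "internal" means RFC 1918 space; adjust to your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ngrep header line, e.g. "T 10.1.1.146:2234 -> 10.1.1.159:2452 [AP]"
HEADER = re.compile(r"^\s*T\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)\s+\[\w+\]")

# Constructed sample capture (addresses are made up, not taken from the post).
SAMPLE = """\
T 10.1.1.146:2234 -> 10.1.1.159:2452 [AP]
  1....1.......nick.......band name
T 198.51.100.31:2234 -> 10.1.1.164:2006 [AR]
  Go away, we're not home
T 10.1.1.164:1983 -> 10.1.1.146:2234 [AP]
T 10.1.1.159:3001 -> 203.0.113.7:2234 [AP]
T 10.1.1.159:2234 -> 203.0.113.9:4000 [AP]
T 10.1.1.20:1050 -> 10.1.1.21:80 [AP]
"""

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address in the capture
    return any(ip in net for net in INTERNAL)

def summarize(lines, port=SUSPECT_PORT):
    """Map each internal host with traffic on `port` to its peers and roles."""
    hosts = defaultdict(lambda: {"peers": set(), "roles": set()})
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue  # payload line, not a packet header
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if port not in (sport, dport):
            continue
        for host, peer, own in ((src, dst, sport), (dst, src, dport)):
            if is_internal(host):
                hosts[host]["peers"].add(peer)
                # The end whose own port is the suspect port is the listening side.
                hosts[host]["roles"].add("server" if own == port else "client")
    return dict(hosts)

def both_roles(summary):
    """Hosts that both listen on and connect out to the port."""
    return sorted(h for h, v in summary.items() if v["roles"] == {"client", "server"})
```

Feed it the text output of a capture with `summarize(open(path).read().splitlines())`; header lines with masked or malformed addresses are skipped rather than counted.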
    