MS06-040 Used by Botherders
Machines connected to the Internet that have not installed patch MS06-040, released by Microsoft last week, are now vulnerable to being hijacked by a new worm, a variant of the Mocbot trojan. This first appeared in August 2005 as the Zotob worm.
Security firms expect this worm attack to grow into a big one, even though the worm seemingly attacks only Windows 2000 machines.
Once installed on the system, the bot will connect to an IRC server and wait there for commands from the dronemaster. The hosts in question are bbjj.househot.com:18067 and ypgw.wallloan.com:18067.
It uses the same IP and host for the IRC server as the original Zotob worm; these are located in China. It is quite hard to get cooperation from Chinese owners to take such machines offline or have them cleaned.
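To find machines that have already been hijacked, outbound connection logs can be checked for the two hosts and the port named above. The following Python code is an added example, not part of the original post; the four-field log layout, the sample records and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Indicators taken from the post above.
C2_HOSTS = {"bbjj.househot.com", "ypgw.wallloan.com"}
C2_PORT = 18067

# Constructed sample log; the "time src dst_host dst_port" layout is an assumption.
SAMPLE_LOG = """\
2006-08-13T10:02:11Z 10.0.4.17 BBJJ.househot.com. 18067
2006-08-13T10:02:15Z 10.0.4.22 www.example.org 80
2006-08-13T10:03:40Z 10.0.9.5 198.51.100.7 18067
2006-08-13T10:04:02Z 10.0.4.17 ypgw.wallloan.com 18067
2006-08-13T10:05:00Z 10.0.7.3 bbjj.househot.com.example.net 443
truncated line
"""

def normalize_host(name):
    """Lower-case and drop the trailing root dot so FQDN variants compare equal."""
    return name.strip().lower().rstrip(".")

def classify(dst_host, dst_port):
    """Return 'host', 'port-only' or None for one connection record."""
    if normalize_host(dst_host) in C2_HOSTS:  # exact match, never substring
        return "host"
    if dst_port == C2_PORT:  # unusual port alone is a weaker signal
        return "port-only"
    return None

def find_suspect_sources(log_text):
    """Map each internal source IP to the set of reasons it was flagged."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records rather than failing
        _, src, dst_host, dst_port = fields
        reason = classify(dst_host, int(dst_port))
        if reason:
            hits[src].add(reason)
    return dict(hits)

if __name__ == "__main__":
    for src, reasons in sorted(find_suspect_sources(SAMPLE_LOG).items()):
        print(src, ",".join(sorted(reasons)))
```

A "host" hit is a strong sign that the machine is infected; a "port-only" hit deserves a closer look, since the destination may be the same server reached by IP address.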
Thanks to upinsmoke for the tip.