Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 663
Location: Undernet
Posted: Mon Aug 14, 2006 6:45 am
Post subject: MS06-040 Used by Botherders
Machines connected to the Internet that have not installed patch MS06-040, released by Microsoft last week, are now vulnerable to being hijacked by a new worm, a variant of the Mocbot trojan. This first appeared in August 2005 as the Zotob-worm.
Security firms expect this worm attack to grow into a big one, despite this worm seemingly only attacking Windows 2000 machines.
Once installed into the system, the bot will connect to an IRC server and wait there for commands from the dronemaster. The hosts in question are bbjj.househot.com:18067 and ypgw.wallloan.com:18067.
It is using the same IP and host for the IRC server as the original Zotob-worm, which are located in China. It is quite hard to get cooperation from Chinese owners to get such machines offline or cleaned.
Thanks to upinsmoke for the tip.
_________________
Asmo
webmaster www.IRC-Junkie.org
Delta
Joined: 11 Feb 2005
Posts: 10
Posted: Tue Aug 15, 2006 11:06 pm
Don't bother trying to get the IPs taken down; the issue is the domains will still exist.
Someone should inform ICANN about it 
~Francisco
v0rtexio
Joined: 01 Feb 2005
Posts: 62
Location: worcester
Posted: Sat Aug 19, 2006 10:48 pm
Thanks to upinsmoke for the weed!
woo
_________________
http://v0rtex.org
Amazing Website - Go post on the forums!! woo
http://thebuild.webdesigngroup.net
ONLINE RADIO - THURSDAYS FROM 7 - 8PM GMT