Re: sub-7

From: Brice Carlson (tuck167@hotmail.com)
Date: 11/13/01


From: "Brice Carlson" <tuck167@hotmail.com>
To: incidents@securityfocus.com
Subject: Re: sub-7 
Date: Mon, 12 Nov 2001 21:42:59 -0500
Message-ID: <F30PUfklMyLkEtpgWtf00003759@hotmail.com>

Yes, matter of fact I have, and I can tell you why... Recently I was bored.
So I decided to delete a lot: my virus scanner, firewalls, and my IDS. And I
also opened up my file and print shares (running Windows 95). Within 15
minutes I could no longer surf the net. I am running a 28.8 (don't give me
this "56ks are cheap" talk). So I opened up File/Search; I had some new
*programs* on my computer. It scans for SubSeven. I also noticed that I had
a connection on port 6667 (IRC), IP address 66.26.92.28. But anyways, I tried
connecting to this server. I did and... there were NO channels, but like 324
users on it... So I'm imagining that is 324 compromised systems(?) I also
let the program run a while (sorry guys) to find out if someone would
connect over SubSeven. No one ever did though, even though I had it on my
system. I still have all the programs on this system; I just have a firewall
not letting them get through. If anyone wanted to look into the programs
that I have... I'd be happy to send them the files. Just send me an email.
One of them is the program that they use to communicate to the IRC channel,
and you very well know the other.

Brice Carlson

>
>Anyone notice an increase in port scans to 27374 in the last week? I
>noticed several, all from different addresses.
>
>Leon
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
