Re: possible new irc worm

From: Becky (kismet_at_magelair.com)
Date: 06/28/03

  • Next message: rewt_at_eghetto.ca: "Re: possible new irc worm" 
    To: "ZSisic" <ZSisic@noahtek.com>, <incidents@securityfocus.com>
Date: Fri, 27 Jun 2003 23:54:40 -0400

    Yeah, I'm an admin on one of the IRC Servers, and we got our security
    services to ban on connect with them.
    Ugly worm.... lots of variations, most of them didn't have the .zip
    extension.

    Becky

    > Hello everybody,
    >
    > As of today, we started noticing spamming bots or drones on our IRC
    network.
    > They enter channels, scan for users, exit and spam users with following
    > messages:
    >
    > <kyzclvqfc> EEEEEEETHHHOOOM! MINDJAIL!! HE IS TRAPPED!! GET HIM OUT!
    > http://61.48.32.73:3030/mindjail.zip
    >
    >
    >
    > <pwdujizao> Ever heard of a thing called mindjail? Check it:
    > http://61.106.85.184:3030/mindjail.zip
    >
    >
    >
    > Did anybody else notice this behavior? It seems to be a new work. I
    searched
    > on Google for "mindjail", but my search did not return anything.
    >
    >
    >
    > Thanks
    >
    >
    >
    > Zlatko Sisic
    >
    > Bolchat Netowrk Administrator
    >
    > www.bolchat.org
    >
    > -------------------------------------------------------------------------- 

    --
> Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
> world's premier technical IT security event! 10 tracks, 15 training
sessions,
> 1,800 delegates from 30 nations including all of the top experts, from
CSO's to
> "underground" security specialists.  See for yourself what the buzz is
about!
> Early-bird registration ends July 3.  This event will sell out.
www.blackhat.com
> --------------------------------------------------------------------------
--
>
>
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
  • Next message: rewt_at_eghetto.ca: "Re: possible new irc worm"

    Relevant Pages

    • RE: Cisco IOS vulnerability
      ... Subject: Cisco IOS vulnerability ... On a perimeter router you should be implementing RFC1918 and RFC2827 ... Although these security measures in themselves will not prevent the attack, ... world's premier technical IT security event! ...
      (Incidents)
    • RE: Need some help and guidance, please....RE: TROJAN: Symantec: New Serious Virus found. (fwd)
      ... which will bring up lots of pop up windows like window ... > Norton Security Response, has detected a new virus in the Internet. ... > world's premier technical IT security event! ... > Early-bird registration ends July 3. ...
      (Incidents)
    • RE: Cisco IOS vulnerability
      ... Subject: Cisco IOS vulnerability ... On a perimeter router you should be implementing RFC1918 and RFC2827 ... Although these security measures in themselves will not prevent the attack, ... world's premier technical IT security event! ...
      (Incidents)
    • Need some help and guidance, please....RE: TROJAN: Symantec: New Serious Virus found. (fwd)
      ... scan when I rebooted and found the virus and quarantined it. ... > Norton Security Response, has detected a new virus in the Internet. ... > world's premier technical IT security event! ... > Early-bird registration ends July 3. ...
      (Incidents)
    • Re: TROJAN: Symantec: New Serious Virus found. (fwd)
      ... which will bring up lots of pop up windows like window ... > Norton Security Response, has detected a new virus in the Internet. ... > world's premier technical IT security event! ... > Early-bird registration ends July 3. ...
      (Incidents)