[Dshield] Just comparing notes

Deb Hale haled at pionet.net
Mon Jun 2 12:58:49 GMT 2003

Hash: SHA1

Interesting - the site indicated below has been closed by the US Secret Service.

Deborah F Hale
Certified Business Continuity Professional
BCP Enterprise, Inc
Telephone: (712) 252-0361

- -----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Mark Tombaugh
Sent: Friday, May 30, 2003 3:56 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Just comparing notes

On Friday 30 May 2003 9:47 am, Paul Marsh wrote:
> I'd change that the builder(S), can you point me to some info on bot 
> net builders.  It's always nice to read up on what these humans are 
> trying to do.
> Thanx, Paul

afaik botnet builders or spreaders are pretty crude. Most just scan for open 
netbios, if found and writable it drops the bot (something like 
<http://www.weblinxorz.com/fb.html> ) then moves on. Others are handcrafted, 
and are only limited to the skill of the scripter, possibly using p2p apps or 
vulns of the day to spread. There are also irc bots in a lot of well known 
trojans that could be exploited. 

- -- 
   Mark Tombaugh <mtombaugh at alliedcc.com>
   Allied Computer Corporation <http://www.alliedcc.com>
   USiHOST, iNC. <http://www.usihost.com>

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Version: PGP 8.0


More information about the list mailing list