[Dshield] Just comparing notes

Deb Hale haled at pionet.net
Mon Jun 2 12:58:49 GMT 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Interesting - the site indicated below has been closed by the US Secret Service.

Deborah F Hale
Certified Business Continuity Professional
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


- -----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Mark Tombaugh
Sent: Friday, May 30, 2003 3:56 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Just comparing notes


On Friday 30 May 2003 9:47 am, Paul Marsh wrote:
> I'd change that the builder(S), can you point me to some info on bot 
> net builders.  It's always nice to read up on what these humans are 
> trying to do.
>
> Thanx, Paul

afaik botnet builders or spreaders are pretty crude. Most just scan for open 
netbios, if found and writable it drops the bot (something like 
<http://www.weblinxorz.com/fb.html> ) then moves on. Others are handcrafted, 
and are only limited to the skill of the scripter, possibly using p2p apps or 
vulns of the day to spread. There are also irc bots in a lot of well known 
trojans that could be exploited. 

- -- 
   Mark Tombaugh <mtombaugh at alliedcc.com>
   Allied Computer Corporation <http://www.alliedcc.com>
   USiHOST, iNC. <http://www.usihost.com>


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPttKCTxOOHZjYde8EQJlRwCg5vXdmajbQseGc1JdW1wcsaDYczIAnjQk
xZ/dCS1SUXcwOnP3BtsKW1Zy
=ZGXA
-----END PGP SIGNATURE-----





More information about the list mailing list