[Dshield] IRC BotNet Connection Question

Benjamin Koch BK-D at gmx.de
Sat Aug 27 11:05:49 GMT 2005


Hello Michael

I did the same again and again. My result was 4 complaints to the hostmaster
of those botnet servers (mostly rented dedicated servers).
One guy was cooperative! I gave him 1 week to stop this IRC server and he
tried... always observing him and making him scared was a nice job >:D On the
fourth day the IRC server was still running (and another one too).
I connected to the second server and named myself like a bot. Well, I hassled him
a little bit, told him that it would be better to surrender because I'm the
same guy who gave him the 1 week period to shut down the botnet.

He banned me from the IRC server and 1 day later the whole host was offline.

Do the same, it may be helpful!

The IRC channel keys may vary because they update the bots over the internet.
The easiest way is to dump the connection data (they don't use SSL-encrypted
connections). I did it via CommView - the bot always closed it until I
renamed the vc.exe to something else ;)

Would be nice to publish the connection data to scare those guys a little
bit >:D

Good luck!

Benjamin

 > --- Original Message ---
[ quoted part removed as requested by author of quoted message]

