[Dshield] IRC BotNet Connection Question
BK-D at gmx.de
Sat Aug 27 11:05:49 GMT 2005
I did the same again and again. My result was 4 complaints to the hostmaster
of those botnet servers (mostly rented dedicated servers).
One guy was cooperative! I gave him 1 week to stop this IRC server and he
tried... always observing him and make him scared was a nice job >:D At the
fourth day the IRC server was still running (and an onther too).
I connected to the second server and named me like a bot. Well i hassled him
a little bit, told him that it would be better to surrender because i'm the
same guy who gave him the 1 week period to shut down the botnet.
He banned me from the IRC server and 1 day later the whole host was offline.
Make the same, it may be helpful!
The IRC channel-keys may vary because the update the bots over the internet.
Easiest way is to dump the connections data (they don't use ssl encrypted
connections). I did it via commview - the bot closed it alway until i
renamed the vc.exe to something other ;)
Would be nice tho publish the connection data to scare those guys a little
> --- Ursprüngliche Nachricht ---
[ quoted part removed as requested by author of quoted message]
More information about the list