[unisog] New Bot variants making rounds
Peter Van Epp
vanepp at sfu.ca
Mon Apr 4 18:18:51 GMT 2005
> I've been catching the machines with the (very effective) "RogueIRC"
> snort sigs from a few months back.
> Happy Hunting,
> Michael Holstein CISSP GCIA
> Cleveland State University
> unisog mailing list
> unisog at lists.sans.org
Does this imply that they are making an IRC connection to a control
host and if so would you share the IPs of the IRC servers so those of us with
argus on the outbound links can get early warning (by searching for connections
to the IRC server)? I haven't yet seen this, but undoubtedly will when someone
brings it on campus on their laptop :-) (and it starts scanning and gets
whacked and its connections searched).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada