[unisog] New Bot variants making rounds
michael.holstein at csuohio.edu
Mon Apr 4 19:18:59 GMT 2005
> Yes. The control channels are unencrypted IRC on various ports. Here is
> the list I've seen since 31/Mar/05 00:00:00 (GMT-5) with the Count, IP,
> and port #.
Whoops ... Ignore this line. This is the *only* false-positive I've seen
for the snort sigs. It's a "lifestyle" website's ('host 188.8.131.52'
for the curious) Java IRC "chat" program and people with usernames that
contain the right strings (typically '/zombie/') can trigger the snort sig.
> 15 184.108.40.206 7514
More information about the unisog