[unisog] New Bot variants making rounds

Cam Beasley, ISO cam at austin.utexas.edu
Thu Apr 7 02:21:53 GMT 2005


Jason --

'RogueIRC' may have come from the following 
EDUCAUSE posting on 2004-JUL-11:

http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0407&L=security&P=R504
5&I=-3 

Botnets have since evolved, so have our sigs, 
but these are still somewhat effective.  

~cam.


> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Jason Brooks
> Sent: 2005, April 04, Monday 12:58
> To: 'UNIversity Security Operations Group'
> Subject: RE: [unisog] New Bot variants making rounds
> 
> Is "RogueIRC" from the bleedingsnort rules? 
> 
> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org]
> On Behalf Of Michael Holstein
> Sent: Monday, April 04, 2005 11:25 AM
> To: UNIversity Security Operations Group
> Subject: [unisog] New Bot variants making rounds
> 
> 
> I've been catching the machines with the (very effective) "RogueIRC" 
> snort sigs from a few months back.
> 
> Happy Hunting,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 



More information about the unisog mailing list