[unisog] Yay Malware

John H. Sawyer jsawyer at ufl.edu
Fri Jan 12 16:07:14 GMT 2007


micheal.cottingham at sv.vccs.edu wrote:
> What kind of traffic? Past couple of days I've seen a surge of IRC traffic
> to various Korean IP addresses all on port 13697. I haven't been able to
> track it down yet. I don't know if it is related or not.

The following is a trace going to Korea on the port you mentioned, but I
don't have a copy of the malware. If someone wants to send me a copy of
Yay, I'll test it and provide traffic analysis.

Server: 61.100.5.195:13697

JOIN ##1ntrud3r plz
MODE [P00|USA|74498] -x+i
JOIN ##1ntrud3r plz
MODE [P00|USA|74498] -x+i
JOIN ##1ntrud3r plz
:sv-6.stat1c.net 332 [P00|USA|74498] ##1ntrud3r :
:sv-6.stat1c.net 333 [P00|USA|74498] ##1ntrud3r lol 1168402553
PING :sv-6.stat1c.net
PONG sv-6.stat1c.net
PING :sv-6.stat1c.net
PING :sv-6.stat1c.net
PONG sv-6.stat1c.net
PING :sv-6.stat1c.net



-jhs
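
Added example, not part of the original message: a small Python parser that pulls the IRC indicators (server name, channel, nick, topic set time) out of a payload like the trace above and flags IRC protocol seen on a non-IRC port. The IRC_PORTS list and the BOT_NICK pattern are assumptions made for this example; the pattern is generalized from the single nick in the trace.

```python
import re
from datetime import datetime, timezone

# Payload lines copied from the trace above (seen going to port 13697).
TRACE = """JOIN ##1ntrud3r plz
MODE [P00|USA|74498] -x+i
:sv-6.stat1c.net 332 [P00|USA|74498] ##1ntrud3r :
:sv-6.stat1c.net 333 [P00|USA|74498] ##1ntrud3r lol 1168402553
PING :sv-6.stat1c.net
PONG sv-6.stat1c.net
"""
# Assumptions for this example: commonly used IRC ports, and a nick template
# of [tag|country|number] generalized from the single nick in the trace.
IRC_PORTS = set(range(6660, 6670)) | {194, 6697, 7000}
IRC_COMMANDS = {"NICK", "USER", "JOIN", "MODE", "PING", "PONG", "PRIVMSG"}
BOT_NICK = re.compile(r"^\[[A-Z0-9]+\|[A-Z]{2,3}\|\d+\]$")

def parse(line):
    """Split one IRC line into (prefix, command, params)."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split() + ([trailing] if sep else [])
    return prefix, (parts[0].upper() if parts else ""), parts[1:]

def analyze(payload, dst_port):
    """Extract IRC indicators from a TCP payload and list reasons to flag it."""
    out = {"nicks": set(), "channels": set(), "servers": set(),
           "topic_set": None, "reasons": []}
    irc_lines = 0
    for raw in payload.splitlines():
        prefix, cmd, params = parse(raw.strip())
        if cmd not in IRC_COMMANDS and not cmd.isdigit():
            continue  # not an IRC command or numeric reply
        irc_lines += 1
        if prefix:
            out["servers"].add(prefix)
        if cmd == "JOIN" and params:
            out["channels"].add(params[0])  # params[1], if any, is the key
        elif cmd == "MODE" and params and not params[0].startswith(("#", "&")):
            out["nicks"].add(params[0])  # user-mode change names the nick
        elif cmd == "333" and len(params) >= 4 and params[3].isdigit():
            # 333 = who set the topic and when (epoch seconds)
            out["topic_set"] = datetime.fromtimestamp(
                int(params[3]), timezone.utc).isoformat()
    if irc_lines and dst_port not in IRC_PORTS:
        out["reasons"].append("IRC protocol on non-IRC port %d" % dst_port)
    if any(BOT_NICK.match(n) for n in out["nicks"]):
        out["reasons"].append("templated nick [tag|country|number]")
    return out
```

Calling analyze(TRACE, 13697) returns the channel, nick and server name from the trace plus both flag reasons; the same payload on port 6667 is flagged on the nick pattern alone.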

