1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

An old F(r)iend

Discussion in 'Computer Security' started by zebulebu, May 1, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Had a serious LOL this morning when I came in to find a shitload of bleeps from our IDS. Thousands of attempted connections to an IRC server at 72.20.27.115 (all failed but indicative of a paritcular exploit)

    Bragging rights to anyone who remembers what this was (hint - if you've seen this, you'll remember it - it was around August/September 2005 when it first hit...)
     
    Certifications: A few
    WIP: None - f*** 'em
  2. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Wasn't this the zotob worm?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  3. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    MS Blaster or Welchia!

    I remember them well! :dry
     
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Nopes

    Tinus is closest...
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Hmmm, that worm was using port 445 to make a connection to a external IRC. It tried to install a small program called wintbd or something like that. It had some other names to, but I'll have to search for that. I remember because the port address at first glance looked like HTTPS.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Near enough - it was Bozori (a mutation of Zotob).

    It caused me big problems on a couple of sites 2 years ago, but I hadn't seen it for months until yesterday :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  7. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Okaaaayyyyy.
    Mutations are difficult to pinpoint with not a lot of info, but at least I thought in the right direction.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP

Share This Page

Loading...