Post a video on YouTube and it will be featured here!
Do you have a brand new device you want me to hack?
Send it to me!
Are you producing a device and want me to check it's security?
Send me an email!
As of now more than 3500 people unlocked Huawei E585, E5830,
E5832S, E583C and HW-01C successfully!

Australian and Japanese E585/E5830 ARE NOW SUPPORTED.

Click here for 2GB of free online storage space with direct linking!



Monday, November 8, 2010

Botnet found!


A few days ago I analyzed a suspicious program.
A friend of mine downloaded it thinking it was a utility.
The program apparently did nothing.
I disassembled the program and found many interesting things.
The program is a hidden remote control.
It works in this way:
1) It connects to a private irc server.
2) It joins an irc channel.
3) It waits there for commands.

There are 54 supported command in the "bot" ranging
from launching DDOS attacks to keystroke logging.

Obviously i recovered the bot(s) password and I could easily take over the whole botnet.
I then disguised as an "infected" bot and joined the channel.
I found more than 500 PCs waiting for commands there.

I think the number of infected PCs may range from 1000 to 10.000..

I don't know what to do now.
Who to report this?

If you have any clues, let me know.
Namaste,
Zibri

Share
Posted by Zibri at 8:41 AM
Labels: , , , , , , ,

8 comments:

douglaslps said...

Aewsome!

November 9, 2010 2:14 AM
roberto said...

Report to any police authority? Even I doubt they can do something, unless they already tail that...

November 10, 2010 7:44 AM
Zibri said...

Hmm.. yes.. but I wonder if there's something more specific and internet based.

November 10, 2010 10:51 AM
Qurt said...

sell info to antivirus company like Symantec :-)

November 11, 2010 2:55 AM
Zibri said...

@Qurt: nice one. Do you have any contact?

November 11, 2010 9:49 AM
WSpsSps said...

In my opinion a CERT (Computer Emergency Response Team) is the correct contact. A survey of European CERTs is available at http://www.enisa.europa.eu/act/cert/background/inv for example. Your feedback would be very appreciated.

November 14, 2010 3:17 AM
CelsoSC said...

Just for fun, u could invade the private irc server and take control of its admin machine :P leave a threatning message to never try that again :)

Btw, what's the utility name so we can avoid downloading it?

November 20, 2010 6:50 AM
Zibri said...

It has multiple names.. Like a virus. It's not a specific one.

I found it in a fake 3d game mod utility.

November 20, 2010 9:32 AM

Post a Comment

Subscribe to: Post Comments (Atom)