Monday, November 8, 2010

Botnet found!


A few days ago I analyzed a suspicious program.
A friend of mine downloaded it thinking it was a utility.
The program apparently did nothing.
I disassembled the program and found many interesting things.
The program is a hidden remote control.
It works in this way:
1) It connects to a private irc server.
2) It joins an irc channel.
3) It waits there for commands.

There are 54 supported commands in the "bot" ranging
from launching DDOS attacks to keystroke logging.

Obviously I recovered the bot(s) password and I could easily take over the whole botnet.
I then disguised myself as an "infected" bot and joined the channel.
I found more than 500 PCs waiting for commands there.

I think the number of infected PCs may range from 1000 to 10.000..

I don't know what to do now.
Who to report this to?

If you have any clues, let me know.
Namaste,
Zibri
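
The three steps listed in the post (connect to an IRC server, join a channel, wait for commands) leave a recognizable pattern in captured traffic. The following is an added example, not code from the original post: a Python triage check that flags clients which register, join a channel and then only listen. The record format, addresses, nicknames and channel names are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

# Optional ":prefix ", then a command word or 3-digit numeric, then parameters.
IRC_LINE = re.compile(r"^(?::\S+ )?([A-Za-z]+|\d{3})(?: (.*))?$")

# Constructed sample records: (src, dst, dst_port, direction, payload line).
# Addresses come from documentation ranges; nicks and channels are made up.
SAMPLE = [
    ("192.0.2.10", "203.0.113.5", 6667, "out", "NICK xk29dja"),
    ("192.0.2.10", "203.0.113.5", 6667, "out", "USER xk29dja 0 * :x"),
    ("192.0.2.10", "203.0.113.5", 6667, "out", "JOIN #ctl k3y"),
    ("192.0.2.10", "203.0.113.5", 6667, "in", ":op!o@h.example PRIVMSG #ctl :constructed text"),
    ("192.0.2.20", "198.51.100.7", 6667, "out", "NICK alice"),
    ("192.0.2.20", "198.51.100.7", 6667, "out", "USER alice 0 * :Alice"),
    ("192.0.2.20", "198.51.100.7", 6667, "out", "JOIN #linux"),
    ("192.0.2.20", "198.51.100.7", 6667, "out", "PRIVMSG #linux :hello all"),
    ("192.0.2.20", "198.51.100.7", 6667, "in", ":bob!b@h.example PRIVMSG #linux :hi"),
    ("192.0.2.30", "198.51.100.9", 80, "out", "GET / HTTP/1.1"),
]

def parse(line):
    """Return (COMMAND, params) for an IRC-shaped line, or (None, '')."""
    m = IRC_LINE.match(line.strip())
    return (m.group(1).upper(), m.group(2) or "") if m else (None, "")

def find_idle_irc_clients(records):
    """Flag sessions that did NICK + USER, then JOIN, then only listened."""
    sessions = defaultdict(lambda: {"reg": set(), "channels": [], "said": 0, "heard": 0})
    for src, dst, port, direction, line in records:
        cmd, params = parse(line)
        s = sessions[(src, dst, port)]
        if direction == "out":
            if cmd in ("NICK", "USER"):
                s["reg"].add(cmd)                       # step 1: registration
            elif cmd == "JOIN" and s["reg"] == {"NICK", "USER"}:
                s["channels"] += params.split(" ")[0].split(",")  # step 2
            elif cmd == "PRIVMSG":
                s["said"] += 1                          # client talks: less bot-like
        elif cmd == "PRIVMSG":
            s["heard"] += 1                             # step 3: inbound messages
    return sorted(
        (src, dst, port, tuple(s["channels"]))
        for (src, dst, port), s in sessions.items()
        if s["channels"] and s["said"] == 0 and s["heard"] > 0
    )

if __name__ == "__main__":
    for hit in find_idle_irc_clients(SAMPLE):
        print("candidate:", hit)
```

A quiet human user on a public channel matches the same pattern, so hits are candidates for inspection rather than verdicts.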

8 comments:

douglaslps said...

Awesome!

roberto said...

Report to any police authority? Even I doubt they can do something, unless they already tail that...

Zibri said...

Hmm.. yes.. but I wonder if there's something more specific and internet based.

Qurt said...

sell info to antivirus company like Symantec :-)

Zibri said...

@Qurt: nice one. Do you have any contact?

WSpsSps said...

In my opinion a CERT (Computer Emergency Response Team) is the correct contact. A survey of European CERTs is available at http://www.enisa.europa.eu/act/cert/background/inv for example. Your feedback would be very appreciated.

CelsoSC said...

Just for fun, you could invade the private irc server and take control of its admin machine :P leave a threatening message to never try that again :)

Btw, what's the utility name so we can avoid downloading it?

Zibri said...

It has multiple names.. Like a virus. It's not a specific one.

I found it in a fake 3d game mod utility.
