A few days ago I analyzed a suspicious program. A friend of mine downloaded it thinking it was a utility. The program apparently did nothing. I disassembled the program and found many interesting things. The program is a hidden remote control. It works in this way:
1) It connects to a private IRC server.
2) It joins an IRC channel.
3) It waits there for commands.
There are 54 supported commands in the "bot", ranging from launching DDoS attacks to keystroke logging.
Obviously I recovered the bot(s) password and I could easily take over the whole botnet. I then disguised myself as an "infected" bot and joined the channel. I found more than 500 PCs waiting for commands there.
I think the number of infected PCs may range from 1000 to 10.000.
I don't know what to do now. Who should I report this to?
If you have any clues, let me know.
Namaste,
Zibri
Awesome!
Report to any police authority? Even I doubt they can do something, unless they already tail that...
Hmm.. yes.. but I wonder if there's something more specific and internet based.
Sell info to an antivirus company like Symantec :-)
@Qurt: nice one. Do you have any contact?
In my opinion a CERT (Computer Emergency Response Team) is the correct contact. A survey of European CERTs is available at http://www.enisa.europa.eu/act/cert/background/inv for example. Your feedback would be very appreciated.
Just for fun, u could invade the private irc server and take control of its admin machine :P leave a threatening message to never try that again :)
Btw, what's the utility name so we can avoid downloading it?
It has multiple names.. Like a virus. It's not a specific one.
I found it in a fake 3d game mod utility.