Showing posts from November 7, 2010

Botnet found!

A few days ago I analyzed a suspicious program. A friend of mine downloaded it thinking it was a utility. The program apparently did nothing. I disassembled the program and found many interesting things. The program is a hidden remote control. It works in this way:

1) It connects to a private IRC server.
2) It joins an IRC channel.
3) It waits there for commands.

There are 54 supported commands in the "bot", ranging from launching DDoS attacks to keystroke logging.
Obviously I recovered the bot(s) password and I could easily take over the whole botnet. I then disguised myself as an "infected" bot and joined the channel. I found more than 500 PCs waiting for commands there.
I think the number of infected PCs may range from 1000 to 10.000.
I don't know what to do now. Who do I report this to?
If you have any clues, let me know.

Namaste,
Zibri