Dear admin,

By the time you find this it means

that u have found me on your box..

I just wanna tell u some things..

1. if i done any damage to your box,

i didn't do it on pourpuse

2.i didn't alter any files.. like ps/netstat..

3.if you need any help in securing your box/removing

my rootkit.. email me or somethin.. *******@yahoo.com

Best regards,

Your Rootkit ;)

Ripping it and call it private

first of all. My english sucks! I know!

But what i've seen so far is that people are just ripping other people tools and calling it private! Source look the same to me only the header is changed. Why?

Unixbots at undernet channel #colombo10

Found: traped in Honeypot

IP used: 172.158.130.36

Channel: #colombo10

Bot owner: colo1

Using: EnergyMech, IRC Bot software

Email: GigiBazat@Yahoo.com

Passwords used to change Root of SSHD

!@#$cristimata!@#$

pulamea123daumuie

halt

123456

Software downloads:

http://zomby2009.ilive.ro/0809.tgz (contains exploits)

http://colomboten.ucoz.ru/kriss.tgz (contains a scanner)

http://www.visatorul.go.ro/Quick.mp3 (contains a scanner)

http://colomboten.ucoz.ru/fast.tgz (contains a mechbot)

http://www.personale.110mb.com/scan/scanner.tgz

http://www.tiger1ne.netfast.org/linuxteam.tgz (contains a scanner)

Work directory

/var/tmp

Additional information:

You will find some old kernel exploits from august (0809.tgz)