Rigpa
Jun 16 2003, 04:12 AM
Within the last 4 days i noticed an increasing activity on port 17300 reffered to the Kuang2 Trojan
more info here and
hereit first showed up in my honeypot logs (for those who donīt know what a honeypot is , go
here) long before my firewall logs showed similar activity. Actually this is considered an old Trojan ( see above links ) but somehow there still seem to be infected systems ( or again infected ones ) out there.
ShadyCrazy1
Jun 16 2003, 06:45 PM
Yea , There is a IRC-Botnet which infects itself via kuang , the 17300 is either the master or default port.
Rigpa
Jun 17 2003, 03:28 AM
Hmmm, have ya got any idea, further info where the hell this botnet is connected/located on? (irc-server? )
ShadyCrazy1
Jun 17 2003, 06:18 AM
O hella no, Its like a SD-BOT , it can be any server,everyone can have it.
But with this BOT you need to enable certain aspects of the code to allow it to do such spreading, Sub7/Kuang/Kazza/NB
rubbar
Sep 18 2003, 08:07 PM
Its called spybot, guess people are still trying (kuang) lmao
secur3x
Feb 22 2004, 08:17 AM
| QUOTE (ShadyCrazy1 @ Jun 17 2003, 10:10 AM) |
| QUOTE | server : sex0r.ath.cx - irc.clan-game-talk.org
channel : #sphere
chankey : p1mp
login : !auth ownij
downld : !download
exec : !execute
unin. : !Dontuninstall
|
|
bahahahahahahahahahaha
thats Sirux's net
stupid 15 yr old
already been raided by the feds
but yes spybot is the culprit for the increased kuang2 activity as it grows abit more popular then sdbot for the n00bies.
im still abit unsure why ryan left the kuang2 spreader in it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
