Microsoft Windows 2000 Plug And Play Spreading Bot

Articles Metasploit Framework Windows Tutorial Remote Desktop Connection Windows Processes That May Be Dangerous How-To use NetCat a Tutorial Common Linux Commands Common Ports Netcat Commands HTTP Response Codes War-Google Hack Terms Wardriving Avoiding Social Engineering and Phishing Attacks Intrusion Detection on Linux Linux Intrusion Detection Penetration Testing Guide Penetration Testing Tools Social Engineering Fundamentals, Part I: Hacker Tactics Social engineering (computer security) The Psychology of Social Engineering The Archives General GSO GovernmentSecurity.org News & Suggestions In The News Open Topic General Security Information Trash Can Exploit & Vulnerability Mailing List Archives Trial Member Forum Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems File Downloads Exploit Research & Discussion Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware GSO Programming Section C , C++ , VC++ Visual Basic .NET Perl /CGI Java/Javascript PHP/XML/ASP/HTML Assembly + Other The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers		Help - Search - Member List - Calendar Full Version: Microsoft Windows 2000 Plug And Play Spreading Bot GovernmentSecurity.org > System Security > Upload discovered Trojans & Mal ware apoc_neo Aug 12 2005, 10:04 PM Microsoft Windows 2000 Plug and Play Spreading Bot? This is somthing i found on one of my computers that was vuln to this exploit. AV has not found this yet so it is most likely new. So disect it and find that bitch botnet! SeNe Aug 12 2005, 10:33 PM QUOTE(apoc_neo @ Aug 12 2005, 10:04 PM) Microsoft Windows 2000 Plug and Play Spreading Bot? This is somthing i found on one of my computers that was vuln to this exploit. AV has not found this yet so it is most likely new. So disect it and find that bitch botnet! this is not a bot, this are common files to see your running ports,pass etc bt is not a bot. apoc_neo Aug 12 2005, 10:51 PM i tought it was, system.exe was running over 100 times that usualy meens it is scanning on viruses... haz Aug 13 2005, 01:27 AM i would say someone is scanning ranges for open ports aelphaeis_mangarae Aug 17 2005, 08:40 AM There are different variants of the worm, each one connects to different IRC server(s). If anyone gets anyone them PLEASE upload them here...I would love to analyse one... apoc_neo Aug 17 2005, 11:12 AM yep I got 2 they look to be the same but different exe names, would be sweet if you can decompile it and share it with us so we can have a look at the code. Both exes were compressed with myth so I decompressed them for you. Oh and what i find interesting is that mousebm.exe is detected by my kav but wpa.exe isn't and they look to be the same worm so... have a look dude. apoc_neo Aug 17 2005, 11:32 AM here is the reverse bindshell autohacker MilchKuh Aug 17 2005, 05:36 PM QUOTE(apoc_neo @ Aug 17 2005, 11:32 AM) here is the reverse bindshell autohacker is the exploit this with the pita mod TuT Aug 17 2005, 06:05 PM Leme see if my server is vulnerable to this could become fun if my sister gets the worm then i got some work to do again I'm waiting for it aelphaeis_mangarae Aug 18 2005, 08:09 AM apoc_neo what are those viruses you upped? There undetected by KAV. This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here. Invision Power Board © 2001-2005 Invision Power Services, Inc.