Comments on: Watch a live spam bot in action. http://blogs.mcafee.com/mcafee-labs/watch-a-live-spam-bot-in-action Wed, 16 May 2012 22:25:01 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Featherfire Lennon http://blogs.mcafee.com/mcafee-labs/watch-a-live-spam-bot-in-action/comment-page-1#comment-6124 Featherfire Lennon Mon, 06 Nov 2006 07:34:51 +0000 http://www.labs.com/research/blog/?p=123#comment-6124 Thankyou, I have been TRYING to let McAffee know for a year that they have had trouble with viruses and worms. Whether from a third party I don't know, but I traced it through an independent scan for PUPS, and McAffee kept coming up again & again, from Soth America, Venezuela. I rang McAffee, and was told "This is aload of bullshit, we don;t have ANY problems, thankyou. Now just redownload & she'll be right mate, ansd stop trying to say we have "PUP. But I have just been reconnected again, after being offline, and had to Downlad McAffee again, and again I got up on Saturdy, Australian Daylight Savings Time, and my pc was acting weirdly, and I scanned, it came up with nothing until today 6/11/06 monday. pup worm"W32/IRCbot.worm. well, well, well, what a surprise hey. i have downloaded "stinger" thankyou, and hope this helps. it"s (worm) has crashed my pc today over & over. Spybot won't work. Microsoft Works 8 has disappeared, and I keep getting "error-500" messages constantly, so closing & restarting. I think this "worm is QUITE More seriou than low Profile, as my pc has even returned to WINDOWS 98 Edition.!!!! please warn others that this may have mutated and seems to hide in the Hard Drive, just waiting for the "right" program to attack It is VERY selective, But EXTREMELY tough & resilient even to the latest Remval Tools etc. OK. So PLEASE let it be posted on the web if you could.And perhaps have another look at its functioning capabilities and destructive capabilities. Thankyou for your help with keeping us posted out here, we rely on you people. Featherfire Lennon striker@bigpond.net.au Thankyou, I have been TRYING to let McAffee know for a year that they have had trouble with viruses and worms. Whether from a third party I don’t know, but I traced it through an independent scan for PUPS, and McAffee kept coming up again & again, from Soth America, Venezuela.
I rang McAffee, and was told “This is aload of bullshit, we don;t have ANY problems, thankyou. Now just redownload & she’ll be right mate, ansd stop trying to say we have “PUP.
But I have just been reconnected again, after being offline, and had to Downlad McAffee again, and again I got up on Saturdy, Australian Daylight Savings Time, and my pc was acting weirdly, and I scanned, it came up with nothing until today 6/11/06 monday. pup worm”W32/IRCbot.worm. well, well, well, what a surprise hey. i have downloaded “stinger” thankyou, and hope this helps. it”s (worm) has crashed my pc today over & over. Spybot won’t work. Microsoft Works 8 has disappeared, and I keep getting “error-500″ messages constantly, so closing & restarting.
I think this “worm is QUITE More seriou than low Profile, as my pc has even returned to WINDOWS 98 Edition.!!!! please warn others that this may have mutated and seems to hide in the Hard Drive, just waiting for the “right” program to attack It is VERY selective, But EXTREMELY tough & resilient even to the latest Remval Tools etc. OK. So PLEASE let it be posted on the web if you could.And perhaps have another look at its functioning capabilities and destructive capabilities.
Thankyou for your help with keeping us posted out here, we rely on you people.
Featherfire Lennon
striker@bigpond.net.au

]]> By: William Salusky http://blogs.mcafee.com/mcafee-labs/watch-a-live-spam-bot-in-action/comment-page-1#comment-6123 William Salusky Wed, 01 Nov 2006 19:31:09 +0000 http://www.labs.com/research/blog/?p=123#comment-6123 Hi Chris, William Salusky here, a volunteer handler with the Internet Storm Center. Great post, but maybe it's worth mentioning that what you've overviewed here is only one particular methodology used by spambots that are phone home and template driven vs. a typical generic socks proxybot that requires an upstream controller to manage all smtp sessions. Can you also provide us with the AV classification that McAfee has given to this particular sample? If possible I'd also love it if you could share the md5 hash from the original sample to determine we've seen this one specifically. thanks, W Hi Chris,

William Salusky here, a volunteer handler with the Internet Storm Center. Great post, but maybe it’s worth mentioning that what you’ve overviewed here is only one particular methodology used by spambots that are phone home and template driven vs. a typical generic socks proxybot that requires an upstream controller to manage all smtp sessions.

Can you also provide us with the AV classification that McAfee has given to this particular sample? If possible I’d also love it if you could share the md5 hash from the original sample to determine we’ve seen this one specifically.

thanks,

W

]]>