Ian Kenefick (Ireland)
2004-09-25 16:47:43 UTC
Pictures of me and my girlfriend having sex at the end of a Bunjee Rope 100 meters off a bridge in Scotland
http://bunjeelove.fsckme.net/BunjeeLove.zip
This above is another version of Hackarmy IRC backdoors...http://bunjeelove.fsckme.net/BunjeeLove.zip
Norman sandbox analysis...
Virus W32/Backdoor
[ General information ]
* File length: 20480 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\winXPupdate.exe.
* Deletes file C:\SAMPLE.EXE.
[ Changes to registry ]
* Creates value "Winsock32driver"="winXPupdate.exe" in key
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Looks for an Internet connection.
* Connects to "eleven.afraid.org" on port 6667 (IP).
* Connects to IRC server.
* IRC: Uses nickname doeoeoeo.
* IRC: Uses username doeoeoeo.
* IRC: Joins channel ##11## with password grandad.
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Attemps to open C:\WINDOWS\SYSTEM\winXPupdate.exe qwerC:\SAMPLE.EXE.
* Creates a mutex fdsfsd.
Ian.