I was looking at a bot the other day that I received through email. The "botmaster" (and I use that term loosely) was using an mIRC-based bot, something I haven't seen in a long time. It wasn't packed, didn't perform any tricks to get installed, etc. Everything screamed amateur.
So, I ran it through my honeynet and just sat there and watched. Since it was mIRC I could open it up and just watch the channel. To my complete amazement, after confirming I was a bot (by asking me to echo some text back to him) the "botmaster" gave me admin access to the IRC channel. Huh!?!
(In the picture below the botmaster is @Gigi, my infection is @Childse.)
So, what is a self-respecting malware analyst like myself to do? Oh, I don't know. :)
1 comment:
If there's one thing I learned while doing physical security work at the bank, it was that the majority of criminals are stupid, well, at least the ones that rob banks are. Good to see this extends to the computer world as well.
Cheers,
Matt