Latest Articles
cli.exe
NTNDIS.EXE
Email-Worm.Win32.Net...
Virus.Win32. Hala.a
Trojan-Clicker.HTML....
   >Dir
*
1C Предпреятие

*Informer
*Vulnerability
*Viruses
*Software
*FreeBSD
*Linux
*Mac
*Windows
*Google
   Ads
   VisitorCount
   
HackTool.Perl. IrBot.d
VirusHack tool. Script language Perl. The file size varies from 12 to 69 KB.

Payload

This script is IRC-bot, is used to find RFI (Remote File Inclusion) vulnerabilities.

Depending on the commands received bot could do the following:

* Purify logs;

* Search RFI vulnerabilities in Web sites. To find a site receives bot keyword, which searched in the following search services:
http://www.google.nl
http://busca.uol.com.br
http://www.alltheweb.com
http://it.ask.com
http://search.aol.com
http://suche.fireball.de
http://search.lycos.com
http://arianna.libero.it
http://search.yahoo.com
http://search.live.com

If the sites were discovered containing the strings "buterfly" and "uid =" in the address, the program forms a request which transmits the address link:
http://linknet *****. com / source / cmd.txt?

The contents of this file is made on the WEB-server site. Thus an attacker can gain remote access to the server.

Also, the script contains the line:
Yogya Ceria Scaner Bot Created By eviL-Zone -= evil =-
   Comments
No Comments have been Posted.
   Post Comment
Please Login to Post a Comment.
   Ratings
Rating is available to Members only.

Please login or register to vote.

No Ratings have been Posted.
   Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
   Member Poll
Site Language You Prefer

English (Present)

Russian

Georgian

Italian

You must login to vote.
   Ads