hi, botnet Jack here

I received what was obviously spam this morning with the subject “VideoTube.com: The Best!”
Because I work on the YouTomb project, this caught my attention. The message simply read “eX-eX-eX girlfriend!” and carried a zipped attachment. I detached the file and moved it to one of my test boxes. Once there I unzipped it and ran “strings” on it.

It is definitely some sort of Windows-based botnet package, but I don’t have the time to really investigate it. I’m leaving the strings output here to help anyone who runs into this today or in the near future. The first line of intelligible strings output did make me laugh.

hi, botnet Jack here
CloseHandle
CreateProcessA
ExitProcess
GetEnvironmentVariableA
GetModuleFileNameA
GetShortPathNameA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA
KERNEL32.dll
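As an added example (not part of the original post), here is a small Python triage script that does what the post did by hand: it pulls printable ASCII runs out of a file the way `strings` does, then checks whether the Win32 imports seen above occur together. CreateProcessA, GetThreadContext, VirtualAllocEx, WriteProcessMemory, SetThreadContext and ResumeThread together are a combination commonly associated with a program writing code into another process and redirecting its main thread, which is a reasonable reason to escalate a sample for proper analysis. The SAMPLE bytes are constructed inline so the script runs offline; they are a stand-in for the attachment, not the real file.

```python
import re
import sys
from typing import Dict, List

# Imports that, taken together, usually mean "writes into another process
# and redirects its thread". The names mirror the strings output above.
INJECTION_IMPORTS = {
    "CreateProcessA", "GetThreadContext", "SetThreadContext",
    "VirtualAllocEx", "WriteProcessMemory", "ResumeThread",
}


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return printable ASCII runs of at least min_len bytes, like `strings`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data: bytes) -> Dict[str, object]:
    """Flag a blob whose strings contain the full injection import set."""
    found = set(extract_strings(data))
    hits = sorted(INJECTION_IMPORTS & found)
    return {
        "imports_hit": hits,
        # Only the complete combination is treated as suspicious; any single
        # name on its own is ordinary in benign Windows software.
        "suspicious": len(hits) == len(INJECTION_IMPORTS),
    }


# Constructed stand-in for the unzipped attachment (hypothetical bytes, not
# the real sample): a few non-printable bytes around NUL-separated names.
SAMPLE = b"\x00\x00hi, botnet Jack here\x00" + b"\x00".join(
    s.encode("ascii") for s in [
        "CloseHandle", "CreateProcessA", "ExitProcess",
        "GetThreadContext", "ReadProcessMemory", "ResumeThread",
        "SetThreadContext", "VirtualAllocEx", "WriteProcessMemory",
        "KERNEL32.dll",
    ]
) + b"\x00\x01\x02"

if __name__ == "__main__":
    # Usage: python triage.py <file>   (defaults to the constructed SAMPLE)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = triage(blob)
    print("imports hit:", ", ".join(report["imports_hit"]))
    print("suspicious:", report["suspicious"])
```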
