unknown name.. porn url spamming trojan
Posted: Fri May 21, 2004 5:51 am
I don't know too much about this trojan, only that it is spreading like wildfire (the network I'm on has been getting around 20 new matches per day).

It's only spread through onjoin private messages as far as I know.

Code:
<ThinkingAboutYou> Free porn pic and movies www.girlporn.org
<StreetSpirit> Free porn pic and movies www.girlporn.org
<Fontopid> Free porn pic and movies www.girlporn.org
<Aloone> Free porn pic and movies www.sexymovies.da.ru
<n\a> Free porn pic and movies www.girlporn.org

The trojan uses a dictionary file to get its nick, it looks like (I see a lot of the same nicks from totally different locations). The username is always 6 random lowercase letters (identd never works), and the gecos name is always 21 random lowercase letters.

The version reply of the trojan is always:

Code:
mIRC v6.13 Khaled Mardam-Bey

Anyway, here's the filter I've been using, and it's worked great so far:

Code:
spamfilter {
    regex "^Free porn pic and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
    target private;
    reason "Spamming a porn url to users. Scan your pc for viruses.";
    action gline;
};

I don't have a name for this trojan, but if anybody else has one (and a url for it), please let me know.
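
The indicators described in the post, applied to connection and private-message logs, as an added example that is not part of the original post. The log format, field names and sample lines are constructed for illustration, and the "~" prefix on the username assumes the ircd marks failed ident lookups that way. A client with the described username/gecos shape whose private message is not caught by the filter regex is reported as "suspect", since that regex is pinned to two URLs.

```python
import re

# Regex copied from the spamfilter block in the post.
SPAM_RE = re.compile(r"^Free porn pic and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)")
# Shapes described in the post. Assumption: the ircd prefixes "~" when identd fails.
USER_RE = re.compile(r"^~[a-z]{6}$")
GECOS_RE = re.compile(r"^[a-z]{21}$")
# Hypothetical log format: KIND key=value ... (the last value may contain spaces).
LINE_RE = re.compile(r"^(CONNECT|PRIVMSG) (.*)$")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

# Constructed sample log, not captured traffic.
SAMPLE_LOG = """\
CONNECT nick=Aloone user=~qhzkwp gecos=bqzmxkfhwjrtplcvnsdgy
CONNECT nick=Marta user=~marta gecos=Marta K
CONNECT nick=Driftwood user=~xkvbqj gecos=pwqjzkxnvbmshdfgrtylc
PRIVMSG from=Aloone text=Free porn pic and movies www.sexymovies.da.ru
PRIVMSG from=Marta text=hi, anyone around?
PRIVMSG from=Driftwood text=Free porn pic and movies www.example.invalid
"""

def parse(log):
    """Yield (kind, fields) for every well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), dict(FIELD_RE.findall(m.group(2)))

def classify(log):
    """Map nick -> 'match' (filter regex hit), 'suspect' (shape only) or 'clean'."""
    shaped, verdict = {}, {}
    for kind, f in parse(log):
        if kind == "CONNECT" and f.get("nick"):
            shaped[f["nick"]] = bool(USER_RE.match(f.get("user", ""))
                                     and GECOS_RE.match(f.get("gecos", "")))
            verdict[f["nick"]] = "clean"
        elif kind == "PRIVMSG" and f.get("from") in verdict:
            nick = f["from"]
            if SPAM_RE.match(f.get("text", "")):
                verdict[nick] = "match"      # the post's filter would fire
            elif shaped[nick] and verdict[nick] == "clean":
                verdict[nick] = "suspect"    # same shape, text the regex misses
    return verdict

if __name__ == "__main__":
    for nick, result in classify(SAMPLE_LOG).items():
        print(f"{nick}: {result}")
```
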