Die DEUTSCHEN Trojaner-Seiten
Script Kiddie "On Tour"
or "What you experience when you activate a Sub7 fake server"
Our forum regular "Chrisy" installed a Sub7 fake server on his system. A fake server merely simulates the presence of an active Sub7 server (that is, a system infected with Sub7) and offers the attacker a few dummy functions. We want to leave the log file uncommented in this form; the reader should simply gather a few impressions here. Some data has been blacked out with "x". Special thanks go to "Chrisy" from our board.
===17:28:35: Port 1243 opened===
===17:28:35: Port 27374 opened===
===17:28:35: Port 6667 opened===
===17.04.01 17:28:49: Fake-Server closed
===17.04.01 17:28:56: port 1243 opened===
===17.04.01 17:28:56: port 27374 opened===
===17.04.01 17:28:56: port 6667 opened===
### 17.04.01 17:49:48: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 17:49:52: Client 2 has closed the connection===
### 17.04.01 17:50:33: Client (217.3.7.4) connected as 2 on Port:'27374' ###
Unknown command:
Unknown command: Upd optional data:ate
Unknown command:
Unknown command: get optional data:pcinfo
Unknown command: Res optional data:tartServer
===17.04.01 17:53:37: Client 2 has closed the connection===
### 17.04.01 17:53:40: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 17:53:48: Client 2 has closed the connection===
### 17.04.01 17:54:21: Client (217.3.7.4) connected as 2 on Port:'27374' ###
17:54:38: Client 2 requests pc-info
17:54:54: Client 2 requests home-info
17:56:43: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:48: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:49: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:49: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:50: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:51: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:51: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:52: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:56:52: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
17:58:32: Client 2 wants to disable irc-notify
17:58:44: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
Unknown command: PIN optional data:G
18:03:41: Client 2 requests pc-info
18:03:45: Client 2 requests pc-info
18:03:47: Client 2 requests pc-info
18:03:48: Client 2 requests pc-info
18:05:31: Client 2 changes the server-password (to: 'locopass')
18:06:27: Client 2 requests offline-keys
18:06:45: Client 2 closes keylogger
18:07:01: Client 2 opens the keylogger
18:07:26: Client 2 closes keylogger
18:07:54: Client 2 wants to enable irc-notify (server:'irc.xxxxxxx.net' channel:'#xxxxx' port:'6667')
18:08:32: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:08:34: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:08:35: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:08:36: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
Unknown command: IN2 optional data:
Unknown command: CL2 optional data:
Unknown command: IN2 optional data:
Unknown command: CL2 optional data:
Unknown command: CL2 optional data:
Unknown command: IN7 optional data:
Unknown command: CL7 optional data:
Unknown command: CL7 optional data:
===18:16:59: Port 1243 closed===
===18:16:59: Port 27374 closed===
===18:16:59: Port 6667 closed===
===18:16:59: Port 27374 closed===
===18:17:04: Port 1243 opened===
===18:17:04: Port 27374 opened===
===18:17:04: Port 6667 opened===
### 17.04.01 18:20:17: Client (217.3.7.4) connected as 2 on Port:'27374' ###
Unknown command: IN2 optional data:
===18:22:11: Port 1243 closed===
===18:22:11: Port 27374 closed===
===18:22:11: Port 6667 closed===
===18:22:11: Port 27374 closed===
===18:22:17: Port 1243 opened===
===18:22:17: Port 27374 opened===
===18:22:17: Port 6667 opened===
### 17.04.01 18:22:18: Client (217.3.7.4) connected as 2 on Port:'27374' ###
18:23:41: Client 2 opens the keylogger
18:23:49: Client 2 requests offline-keys
18:26:40: Client 2 switches AIM-Spy on
18:26:57: Client 2 switches AIM-Spy on
18:26:58: Client 2 switches AIM-Spy on
18:26:59: Client 2 switches AIM-Spy on
18:27:00: Client 2 switches AIM-Spy on
18:27:01: Client 2 switches AIM-Spy on
18:27:06: Client 2 switches AIM-Spy off
Unknown command: RSH optional data:C:
===18:31:51: Port 1243 closed===
===18:31:51: Port 27374 closed===
===18:31:51: Port 6667 closed===
===18:31:51: Port 27374 closed===
===18:31:52: Port 1243 opened===
===18:31:52: Port 27374 opened===
===18:31:52: Port 6667 opened===
### 17.04.01 18:34:33: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:35:09: Client 2 has closed the connection===
### 17.04.01 18:35:14: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:35:36: Client 2 has closed the connection===
### 17.04.01 18:42:22: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:44:20: Client 2 has closed the connection===
### 17.04.01 18:44:21: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:44:23: Client 2 has closed the connection===
### 17.04.01 18:44:36: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:44:40: Client 2 has closed the connection===
### 17.04.01 18:44:59: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:46:50: Client 2 has closed the connection===
### 17.04.01 18:46:57: Client (217.3.7.4) connected as 2 on Port:'27374' ###
Unknown command: Upd optional data:ate
Unknown command:
Unknown command: get optional data:pcinfo
===17.04.01 18:48:18: Client 2 has closed the connection===
### 17.04.01 18:48:21: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:48:26: Client 2 has closed the connection===
### 17.04.01 18:48:30: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 18:50:00: Client 2 has closed the connection===
### 17.04.01 18:50:41: Client (217.3.7.4) connected as 2 on Port:'27374' ###
18:50:52: Client 2 requests pc-info
18:52:11: Client 2 wants to update the server
Unknown command: IN2 optional data:
Unknown command: CL2 optional data:
Unknown command: IN2 optional data:
Unknown command: CL2 optional data:
Unknown command: CL2 optional data:
Unknown command: PIN optional data:G
18:56:28: Client 2 requests pc-info
18:56:31: Client 2 requests pc-info
18:56:32: Client 2 requests pc-info
18:56:32: Client 2 requests pc-info
18:56:33: Client 2 requests pc-info
18:56:34: Client 2 requests pc-info
18:56:34: Client 2 requests pc-info
18:56:35: Client 2 requests pc-info
18:56:36: Client 2 requests pc-info
18:56:43: Client 2 requests home-info
18:56:44: Client 2 requests home-info
18:57:21: Client 2 wants to enable irc-notify (server:'irc.xxxxxx.net' channel:'#xxxxxx' port:'6667')
18:57:26: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:57:43: Client 2 wants to disable irc-notify
18:57:46: Client 2 wants to disable irc-notify
18:57:47: Client 2 wants to disable irc-notify
18:57:48: Client 2 wants to disable irc-notify
18:57:52: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:57:54: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:57:55: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:57:56: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
18:58:10: Client 2 closes keylogger
18:58:15: Client 2 requests offline-keys
===19:01:11: Port 1243 closed===
===19:01:11: Port 27374 closed===
===19:01:11: Port 6667 closed===
===19:01:11: Port 27374 closed===
===19:01:12: Port 1243 opened===
===19:01:12: Port 27374 opened===
===19:01:12: Port 6667 opened===
### 17.04.01 19:03:51: Client (217.3.7.4) connected as 2 on Port:'27374' ###
Unknown command: RSH optional data:C:
===19:05:53: Port 1243 closed===
===19:05:53: Port 27374 closed===
===19:05:53: Port 6667 closed===
===19:05:53: Port 27374 closed===
===19:05:54: Port 1243 opened===
===19:05:54: Port 27374 opened===
===19:05:54: Port 6667 opened===
### 17.04.01 19:05:59: Client (217.3.7.4) connected as 2 on Port:'27374' ###
===17.04.01 19:06:18: Client 2 has closed the connection===
### 17.04.01 19:12:04: Client (217.3.7.4) connected as 2 on Port:'27374' ###
19:12:20: Client 2 wants to update the server
19:13:07: Client 2 changes the server-password (to: 'locopass')
19:13:24: Client 2 requests pc-info
19:14:09: Client 2 closes keylogger
19:14:22: Client 2 opens the keylogger
19:14:34: Client 2 requests offline-keys
19:16:32: Client 2 requests window-list
19:16:38: Client 2 requests window-list
19:16:42: Client 2 requests window-list
19:16:46: Client 2 requests window-list
19:18:13: Client 2 wants to disable irc-notify
19:18:18: Client 2 wants to enable icq-notify (victimname: No.01-GOLD to UIN: xxxxxxxx
19:19:27: Client 2 wants to update the server
Unknown command: CRS optional data:http://www.xxxxxxxxxxxxxx.com
===17.04.01 19:21:45: Client 2 has closed the connection===
### 17.04.01 19:21:54: Client (217.3.7.4) connected as 2 on Port:'27374' ###
19:22:00: Client 2 opens the keylogger
===19:23:49: Port 1243 closed===
===19:23:49: Port 27374 closed===
===19:23:49: Port 6667 closed===
===19:23:49: Port 27374 closed===
===17.04.01 19:23:50: Fake-Server closed
===17.04.01 19:25:31: port 1243 opened===
===17.04.01 19:25:31: port 27374 opened===
===17.04.01 19:25:31: port 6667 opened===
===19:25:36: Port 1243 closed===
===19:25:36: Port 27374 closed===
===19:25:36: Port 6667 closed===
===17.04.01 19:27:17: Fake-Server closed
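One way to turn a fake-server log like the one above into a per-session summary for review, as an added example (not code from the page, from "Chrisy", or from Sub7's own tooling). The line patterns are derived from the log format shown above; the sample lines are constructed and use the documentation address 192.0.2.10 rather than the real source.

```python
import re
from collections import Counter

# Constructed sample in the format of the fake-server log above; the source
# address is a documentation address, not the one recorded on the page.
SAMPLE_LOG = """\
===17.04.01 17:28:56: port 27374 opened===
### 17.04.01 17:49:48: Client (192.0.2.10) connected as 2 on Port:'27374' ###
Unknown command:
Unknown command: get optional data:pcinfo
===17.04.01 17:53:37: Client 2 has closed the connection===
### 17.04.01 17:54:21: Client (192.0.2.10) connected as 2 on Port:'27374' ###
17:54:38: Client 2 requests pc-info
18:05:31: Client 2 changes the server-password (to: 'locopass')
18:07:01: Client 2 opens the keylogger
18:23:41: Client 2 opens the keylogger
Unknown command: PIN optional data:G
===18:16:59: Port 27374 closed===
"""

# One pattern per line shape that occurs in the log.
PORT = re.compile(r"^===(?:\S+ )?\S+: [Pp]ort (\d+) (opened|closed)===$")
CONNECT = re.compile(r"^### \S+ \S+: Client \((\S+)\) connected as \d+ on Port:'(\d+)' ###$")
CLOSED = re.compile(r"^===\S+ \S+: Client \d+ has closed the connection===$")
ACTION = re.compile(r"^\d\d:\d\d:\d\d: Client \d+ (.+)$")
UNKNOWN = re.compile(r"^Unknown command:(?: (\S*) optional data:(.*))?$")
# Actions that, on a genuinely infected host, would mean credential theft or persistence.
NOTABLE = ("keylogger", "server-password", "update the server", "offline-keys")


def summarize(text):
    """Count connections per source, actions, unknown commands and port events."""
    s = {"port_events": Counter(), "connections": Counter(), "ports": Counter(),
         "disconnects": 0, "actions": Counter(), "unknown": Counter(), "notable": set()}
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := PORT.match(line):
            s["port_events"][f"{m.group(1)} {m.group(2)}"] += 1
        elif m := CONNECT.match(line):
            s["connections"][m.group(1)] += 1
            s["ports"][m.group(2)] += 1
        elif CLOSED.match(line):
            s["disconnects"] += 1
        elif m := UNKNOWN.match(line):
            s["unknown"][m.group(1) or "<empty>"] += 1
        elif m := ACTION.match(line):
            # Drop the parenthesised detail so repeated actions aggregate.
            action = m.group(1).split(" (", 1)[0]
            s["actions"][action] += 1
            if any(word in action for word in NOTABLE):
                s["notable"].add(action)
    return s


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```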

(tt) 19.04.2001