Warning: / Beware IRCd \ <= Malware!

wcd

Well, the aptly chosen name of this malware, presented to the public
as freeware, does include "Beware". How considerate.

It may be wise to avoid using it; spread the word.

//

Zip Archive Name: bewareircd-win32.zip (167864)
Malware Name: bircd.exe
[Warning] Contains a signature of the (dangerous) backdoor program
BDS/Delf.A Backdoor server program

//

http://ircd.bircd.org/
http://www.bircd.org/

//

Canonical name: koyori.bircd.org
Aliases:
ircd.bircd.org
www.bircd.org
Addresses:
85.25.2.91

Information related to '85.25.1.0 - 85.25.15.255'

inetnum: 85.25.1.0 - 85.25.15.255
descr: SERVER4YOU Dedicated Server Hosting
descr: http://www.server4you.de
netname: SERVER4YOU-1
country: DE
org: ORG-BSBS1-RIPE
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
rev-srv: ns1.plusserver.de
rev-srv: ns2.plusserver.de
status: ASSIGNED PA
remarks: Abuse-Contact: (e-mail address removed)
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

organisation: ORG-BSBS1-RIPE
org-name: B S B - Service GmbH
org-type: NON-REGISTRY
descr: Internet-Hoster
remarks: BSB Service GmbH is part of intergenia AG
address: Daimlerstr.9-11
address: 50354 Huerth
address: Germany
phone: +49 2233 612-0
fax-no: +49 2233 612-144
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
mnt-ref: INTERGENIA-MNT
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

role: Intergenia Technik
address: intergenia AG
address: Daimlerstr. 9-11
address: 50354 Huerth
phone: +49 2233 612 0
fax-no: +49 2233 612 144
remarks: trouble: Information Contact (e-mail address removed)
remarks: trouble: Abuse Contact (e-mail address removed)
remarks: trouble: for more information http://www.plusserver.de
admin-c: JO630-RIPE
admin-c: SW8783-RIPE
tech-c: JO630-RIPE
tech-c: SW8783-RIPE
nic-hdl: IT1309-RIPE
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered
abuse-mailbox: (e-mail address removed)

person: Oliver Drifthaus
address: Daimlerstr. 9-11
address: 50354 Huerth
address: Germany
phone: +49 2233 612-0
fax-no: +49 2233 612-144
nic-hdl: OD376-RIPE
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

Information related to '85.25.0.0/18AS8972'

route: 85.25.0.0/18
descr: intergenia AG
origin: AS8972
mnt-by: INTERGENIA-MNT
mnt-lower: INTERGENIA-MNT
source: RIPE # Filtered
 
Steven Burn

I have to ask .... how exactly did you confirm this?

The filename you quoted is listed at several anti-virus websites, such as
Sophos, but this does not necessarily reflect the same file that is used in
the program you are referring to.

http://www.sophos.com/virusinfo/analyses/w32forbotcq.html

Have you uploaded the file to Jotti's online scanner for analysis
confirmation?

http://virusscan.jotti.org

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 
