보안위협 (악성코드)/악성코드 소식

IrmBot 내부 문자열들

쿨캣7 2007. 2. 27. 17:06
728x90
반응형


IrmBot 내부 문자열들

제작자는 IrnBot 으로 불리기 원했지만 안랩은(실제로는 옆자리 사람과 쑥덕쑥덕) 제작자의 의도를
무시하고 IrmBot 으로 부르기로했다. (2007년 3월 2일에)

* 이름 변경

Win32/IRCBot.worm.206848.I -> Win32/IrmBot.worm.206848
Win32/IRCBot.worm.210944.B -> Win32/IrmBot.worm.210994
Win32/IRCBot.worm.212992.F -> Win32/IrmBot.worm.212992
Win32/IRCBot.worm.214528.F -> Win32/IrmBot.worm.214528
Win32/IRCBot.worm.222720.B -> Win32/IrmBot.worm.222720

-----------------------

제작자는 자신의 서버를 파괴하는 SANS.org 와 자신을 진단하는 백신 업체
그리고 자신이 만든 악성코드의 진단명이 IrnBot 이 아닌 점에 불만인 듯 싶다.

* 자신의 서버를 파괴하는 SANS.org 에 대한 메시지

You better fuck off SANS.org especially that Johannes Ullrich (xxxxxxx@sans.org, 6xx-xxx-1xxx) and Kevin Hong (xxxxx@certcc.or.kr, +82-2-xxx-xxxx).
I really don't have anything against you, just piss off alright?


* 백신 업체 직원들에게 자신의 악성코드가 IrnBot 임을 강조함

Hello antivirus employee, I must protest your virus naming system, it isn't very accurate.
I as a malware author believe that I deserve the right to at least have my creations named properly; like come on,
I'm the one who keeps your ass in business.
Anyways this isn't "RinBot", "VanBot" or "NirBot"; the correct name is "IrnBot".
Thank you Panda Antivirus for getting this correct.
For the rest of you, I hope you read this and make the correction, or ELSE.


* 또 다시 자신의 악성코드가 IrcBot 임을 강조

Dear antivirus employee: well it's been an interesting week, it's been a good battle.
P.S. The name is IrnBot, make corrections now please.

사용자 삽입 이미지




* 시만텍에 대한 메시지

Dear Symantec: For years I have longed for just one thing, to make malware with just the right sting, you detected my creation and got my domains killed,
but I will not stop, I can rebuild.

P.S. Fuck you assholes, especially Stephen Doherty who is the biggest faggot I know of.


특히 rhyme 까지 맞다고하니 힙합을 좋아하는 사람으로 보인다.

For years I have longed for just one (thing),
to make malware with just the right (sting)

and (got) my domains (killed)
I will (not) stop, I can (rebuild)



* Win32/IrmBot.worm.212992 에 포함된 메시지 (2007년 3월 4일 발견)

Tonight on CNN: An interview with the author(s) of Rinbot. Who are you? Hacker(s). Are you actually disgruntled? No. Then why are you actively going after Symantec?

The worm is designed for getting the highest yield of computers infected, not to aggravate Symantec; there is no hate. So why attack the Symantec anti-virus program?

A lot of businesses and universities run the application, making it a prime target for exploitation. Are you aware that your worm is crippling computer networks?

 Yes that can happen on slow networks or networks with many computers; the worm also searches and removes other worms from the system, acting as a small anti-virus program if you will. If you wish not to have those problems keep your software updated.

Why did you taunt Symantec and other security companies? They were the first to list the worm on their site and try and get servers shut down. What do you intent to use the infected computers for? Nothing very malicious; no fraud or anything like that. What is the real name of the worm and how did you come up with it? The real name is IrnBot, it is named after a popular soft drink called IrnBru. Thank you for your time author of Rinbot. You are very welcome CNN, thank you for the opportunity to explain.

* 참고

- Arbor Network 에서도 유사한 내용이 올라왔다.

http://asert.arbornetworks.com/2007/03/nirbot-even-botters-need-attention/

728x90
반응형