Discussion:
` Warning: / Beware IRCd \ <= Malware!
w***@malware.eradication.net
2005-11-14 08:24:47 UTC
Well, the aptly chosen name of this malware, presented to the public
as freeware, does include "Beware". How considerate.

It may be wise to avoid using it; spread the word.

//

Zip Archive Name: bewareircd-win32.zip (167864)
Malware Name: bircd.exe
[Warning] Contains a signature of the (dangerous) backdoor program
BDS/Delf.A Backdoor server program

//

http://ircd.bircd.org/
http://www.bircd.org/

//

Canonical name: koyori.bircd.org
Aliases:
ircd.bircd.org
www.bircd.org
Addresses:
85.25.2.91

Information related to '85.25.1.0 - 85.25.15.255'

inetnum: 85.25.1.0 - 85.25.15.255
descr: SERVER4YOU Dedicated Server Hosting
descr: http://www.server4you.de
netname: SERVER4YOU-1
country: DE
org: ORG-BSBS1-RIPE
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
rev-srv: ns1.plusserver.de
rev-srv: ns2.plusserver.de
status: ASSIGNED PA
remarks: Abuse-Contact: ***@server4you.de
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

organisation: ORG-BSBS1-RIPE
org-name: B S B - Service GmbH
org-type: NON-REGISTRY
descr: Internet-Hoster
remarks: BSB Service GmbH is part of intergenia AG
address: Daimlerstr.9-11
address: 50354 Huerth
address: Germany
phone: +49 2233 612-0
fax-no: +49 2233 612-144
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
mnt-ref: INTERGENIA-MNT
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

role: Intergenia Technik
address: intergenia AG
address: Daimlerstr. 9-11
address: 50354 Huerth
phone: +49 2233 612 0
fax-no: +49 2233 612 144
remarks: trouble: Information Contact ***@plusserver.de
remarks: trouble: Abuse Contact ***@plusserver.de
remarks: trouble: for more information
http://www.plusserver.de
admin-c: JO630-RIPE
admin-c: SW8783-RIPE
tech-c: JO630-RIPE
tech-c: SW8783-RIPE
nic-hdl: IT1309-RIPE
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered
abuse-mailbox: ***@plusserver.de

person: Oliver Drifthaus
address: Daimlerstr. 9-11
address: 50354 Huerth
address: Germany
phone: +49 2233 612-0
fax-no: +49 2233 612-144
nic-hdl: OD376-RIPE
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered

Information related to '85.25.0.0/18AS8972'

route: 85.25.0.0/18
descr: intergenia AG
origin: AS8972
mnt-by: INTERGENIA-MNT
mnt-lower: INTERGENIA-MNT
source: RIPE # Filtered
Steven Burn
2005-11-14 10:17:57 UTC
I have to ask .... how exactly did you confirm this?

The filename you quoted is listed at several anti-virus websites, such as
Sophos, but this does not necessarily reflect the same file that is used in
the program you are referring to.

http://www.sophos.com/virusinfo/analyses/w32forbotcq.html

Have you uploaded the file to Jotti's online scanner for analysis
confirmation?

http://virusscan.jotti.org

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
Post by w***@malware.eradication.net
Well, the aptly chosen name of this malware, presented to the public
as freeware, does include "Beware". How considerate.
It may be wise to avoid using it; spread the word.
//
Zip Archive Name: bewareircd-win32.zip (167864)
Malware Name: bircd.exe
[Warning] Contains a signature of the (dangerous) backdoor program
BDS/Delf.A Backdoor server program
//
http://ircd.bircd.org/
http://www.bircd.org/
//
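An added example, not part of any post in this thread: the point raised above, that a matching filename does not establish that two files are the same, shown by comparing archive members by SHA-256 instead of by name. The function names and the archive contents are constructed for illustration; no real sample or hash is used.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes):
    """Return {member name: (size, sha256 hex)} for every file in a zip archive."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            out[info.filename] = (len(data), hashlib.sha256(data).hexdigest())
    return out


def compare_by_name(download, reference):
    """Classify each member of `download` against `reference`: by name, then by content."""
    got, ref = member_digests(download), member_digests(reference)
    verdict = {}
    for name, digest in got.items():
        if name not in ref:
            verdict[name] = "name not in reference"
        elif ref[name] == digest:
            verdict[name] = "same file"
        else:
            verdict[name] = "same name, different file"
    return verdict


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed placeholders: two archives that both ship a member called bircd.exe.
DOWNLOAD = make_zip({"bircd.exe": b"constructed build A", "readme.txt": b"docs"})
REFERENCE = make_zip({"bircd.exe": b"constructed build B", "readme.txt": b"docs"})

if __name__ == "__main__":
    for name, result in compare_by_name(DOWNLOAD, REFERENCE).items():
        print(f"{name}: {result}")
```

A scanner verdict or vendor write-up applies to a downloaded file only when the digests match, so the digest is the value to quote alongside any detection name.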
bewareircd
2008-01-23 00:17:16 UTC
i am the author of beware ircd. this program is not a trojan. this can be
verified by anyone by running it and monitoring all incoming and outgoing
traffic.
the reason this program is called a trojan is because it is being abused
by script kiddies for their "botnets", and probably got included in some
3rd party malware package, and as such flagged by a virus scanner company.

--
Message posted using http://www.talkaboutshareware.com/group/alt.comp.freeware/
More information at http://www.talkaboutshareware.com/faq.html
Susan Bugher
2008-01-23 02:09:17 UTC
Post by bewareircd
i am the author of beware ircd. this program is not a trojan. this can be
verified by anyone by running it and monitoring all incoming and outgoing
traffic.
the reason this program is called a trojan is because it is being abused
by script kiddies for their "botnets", and probably got included in some
3rd party malware package, and as such flagged by a virus scanner company.
--
Message posted using http://www.talkaboutshareware.com/group/alt.comp.freeware/
More information at http://www.talkaboutshareware.com/faq.html
Message in a bottle?

The OP was sent in 2005. . .

Message-ID: <437849cf$0$81698$***@authen.yellow.readfreenews.net>
"Date: 14 Nov 2005 08:24:47 GMT"

Susan
--
Posted to alt.comp.freeware
Search alt.comp.freeware (or read it online):
http://www.google.com/advanced_group_search?q=+group:alt.comp.freeware
Pricelessware & ACF: http://www.pricelesswarehome.org
Pricelessware: http://www.pricelessware.org (not maintained)
John Corliss
2008-01-23 09:04:56 UTC
Post by Susan Bugher
Post by bewareircd
i am the author of beware ircd. this program is not a trojan. this can be
verified by anyone by running it and monitoring all incoming and outgoing
traffic.
the reason this program is called a trojan is because it is being abused
by script kiddies for their "botnets", and probably got included in some
3rd party malware package, and as such flagged by a virus scanner company.
--
Message posted using
http://www.talkaboutshareware.com/group/alt.comp.freeware/
More information at http://www.talkaboutshareware.com/faq.html
Message in a bottle?
The OP was sent in 2005. . .
"Date: 14 Nov 2005 08:24:47 GMT"
I wouldn't install and-or use that program in any case. The OP only
serves as a warning, IMO.
--
John Corliss BS206. I use nFilter to block all crossposts, everything
from trolls like Andy Mabbett, Bear Bottoms, Hummingbird, Kayman and
proteanthread, and all Google Groups posts because of Googlespam. No ad,
cd, commercial, cripple, demo, dotnet, nag, share, spy, time-limited,
trial or web wares OR warez for me, please.