

Bots used as password crackers


#1 cnm


    Mother Lion of SWI


Posted 30 November 2009 - 12:35 PM


Microsoft has released data from a honeypot project designed to mimic an FTP server and document dictionary-based password attacks. The project, which involved a network protocol analyzer in Microsoft's Dublin-based malware research lab, found that the majority of the password attacks were automated, and not carried out directly by the attackers.

"Most of the probing is done from compromised systems that are connected to a password-protected IRC channel and are waiting for commands", Microsoft said. "One such command is to scan and identify other vulnerable hosts."

The average password length tried during an attack was eight characters. The average user name length was six characters. However, the company pointed out that password lengths of up to 29 characters were tried, along with user names of up to 15 characters....

We see something a bit like this ourselves in the server's Exim Rejectlog, where idiot bots keep trying dictionary spam attacks on spywareinfo.org - which actually has no email accounts. :spiteful:
2009-11-30 12:00:42 H=85.166.71-86.rev.gaoland.net (komputeruit) []:1676 I=[]:25 F=<abenaadlam@spywareinfo.org> rejected RCPT <njyumjq5ljy0ljuy960@spywareinfo.org>:
2009-11-30 12:00:42 H=85.166.71-86.rev.gaoland.net (komputeruit) []:1688 I=[]:25 F=<autumnstrattontroupe@frontrunnernetworks.com> rejected RCPT <njyumjq5ljy0ljuy960@spywareinfo.org>:
2009-11-30 12:00:47 H=(ap7cc21f6695c8) []:4210 I=[]:25 F=<adebowalebarnard@spywareinfo.org> rejected RCPT <ntkumtq0ljiumjmz132@spywareinfo.org>:
2009-11-30 12:00:50 H=(ap7cc21f6695c8) []:4227 I=[]:25 F=<resumedd@moseleytechnical.com> rejected RCPT <ntkumtq0ljiumjmz132@spywareinfo.org>:
2009-11-30 12:19:59 H=212-198-160-34.rev.numericable.fr (nom47d5a5b94ad) []:1207 I=[]:25 F=<adannaalice@spywareinfo.org> rejected RCPT <njyumjq5ljy1ljmz273@spywareinfo.org>:
2009-11-30 12:28:43 H=(stefan) []:3943 I=[]:25 F=<adannayabelden@spywareinfo.org> rejected RCPT <w295@spywareinfo.org>:
2009-11-30 12:28:43 H=(stefan) []:3944 I=[]:25 F=<qmrnd@web.de> rejected RCPT <w295@spywareinfo.org>:
2009-11-30 12:31:52 H=(etmail.namliong.com.tw) []:41441 I=[]:25 F=<info@michealdavis.org> rejected RCPT <680@spywareinfo.org>:

and many more, all using very long 'names'..

I haven't seen bot email spam attacks on SWI (spywareinfoforum.com).
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
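
An added example, not part of the original post or of Exim: a short Python script that groups rejectlog lines in the layout quoted above by client and flags clients that retry rejected recipients or present a sender at the local domain. The sample log, the use of `example.org` as the local domain, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the rejectlog layout quoted in the post (client IPs
# blanked as [] like the original); all hosts and mailboxes are invented.
SAMPLE_LOG = """\
2009-11-30 12:00:42 H=dsl-1.example.net (pc-one) []:1676 I=[]:25 F=<alice@example.org> rejected RCPT <zx81qq@example.org>:
2009-11-30 12:00:42 H=dsl-1.example.net (pc-one) []:1688 I=[]:25 F=<bob@other.example> rejected RCPT <zx81qq@example.org>:
2009-11-30 12:00:47 H=(pc-two) []:4210 I=[]:25 F=<carol@example.org> rejected RCPT <k9m2@example.org>:
2009-11-30 12:00:50 H=(pc-two) []:4227 I=[]:25 F=<dave@other.example> rejected RCPT <k9m2@example.org>:
2009-11-30 12:31:52 H=(mail.example.com) []:41441 I=[]:25 F=<info@other.example> rejected RCPT <680@example.org>:
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=(?:(?P<host>[^\s(]+) )?\((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[^\]]*)\]:\d+ .*?F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <(?P<rcpt>[^>]*)>"
)

def parse_rejects(text):
    """Return one dict per 'rejected RCPT' line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def summarize(records, local_domain):
    """Group rejections by client: IP if logged, else rDNS host, else HELO."""
    stats = defaultdict(lambda: {"attempts": 0, "rcpts": set(),
                                 "senders": set(), "spoofed_local": 0})
    for r in records:
        s = stats[r["ip"] or r["host"] or r["helo"]]
        s["attempts"] += 1
        s["rcpts"].add(r["rcpt"].lower())
        s["senders"].add(r["sender"].lower())
        # Assumption: the local domain has no mailboxes, so such a sender is forged.
        if r["sender"].lower().endswith("@" + local_domain):
            s["spoofed_local"] += 1
    return dict(stats)

def suspects(stats, min_attempts=2):
    """Clients that retried rejected recipients or forged a local sender."""
    return sorted(c for c, s in stats.items()
                  if s["attempts"] >= min_attempts or s["spoofed_local"])

if __name__ == "__main__":
    summary = summarize(parse_rejects(SAMPLE_LOG), "example.org")
    for client in suspects(summary):
        s = summary[client]
        print(client, s["attempts"], len(s["rcpts"]), len(s["senders"]), s["spoofed_local"])
```

With unredacted logs the client IP is the grouping key; the fallback to the reverse-DNS name or HELO string is only for logs blanked like the excerpt above.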

#2 AplusWebMaster




Posted 04 December 2009 - 03:06 AM


Do and don'ts for p@$$w0rd$
- http://blogs.technet...for-p-w0rd.aspx
November 27, 2009 - "... To check if you have a strong password, you can use Microsoft's password checker ( http://www.microsoft...ds/checker.aspx )... For additional information regarding passwords you can visit the following links:
Creating passwords - http://www.microsoft...rds/create.aspx
Maintaining passwords - http://www.microsoft...rds/secret.aspx ..."

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

Member of UNITE