Found some code today. Here's some heavily edited extracts, so you can see what they've been up to. I've totally mangled the code, don't trust it. All in perl. This is actually pretty basic, not that advanced at all. Most modern botnets, for example, do not use IRC as their C&C's.
So, apparently, this is a "unix" perlbot, made by zew at some irc channel in 2009.
First, the config. Pretty basic.
my $hidd = '/usr/sbin/httpd -k start';
my $lin_max='4';
my $sleep='5';
my @admins=("io***","a***","********","hack");
my @hostauth=("io***.ro","a***.ro");
my @channels=("#io***");
my $nick='Le*****';
my $icname ='Le*****';
my $rname = '{stuff}!';
my $server='irc.whoknows.com';
my $port='guess';
Massive snip, and we get to the part it set's its own process name, and swaps around to that process:
$0="$hiddx16;
my $pid=fork;
exit of $pid;
die "fork problem: $!" unless defined($pid);
Even more snip. Here we skip IRC stuff, connecting to servers, listening for commands, all that fun joyous code.
One of it's functions is a port scan. It will run this on your target(s) of choice, against these (curtailed) ports:
"21","22","23","25","80","113","135","443","445","5900","5901","6667","8080","1080"
If you're running an anti-portscanner program (portsentry), off you go, have fun.
The other fun functions built in are:
tcp flood
http flood
udp flood
another udp flood function
As well as allowing any shell command to be executed, of course.
If you want the full script itself, PM me your email address, and credentials. I'll not send it to just anyone.
