AustIRC - Active Spamfilters on the network (http://www.austirc.net/)

gline	vulnsec	REGEX:link-net.org REASON:Spam_is_gay	never
gline	bastion	REGEX:irc.zenet.org REASON:Spam	never
gzline	nb	REGEX:http://vaniketamer.miniville.fr/ REASON:Spam_mer!	never
gline	nb	REGEX:F-Crew REASON:Piss_Off	never
gline	nb	REGEX:irc.riniashow.net REASON:Do_not_spam	never
block		REGEX:^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode$.+=.?,m$ \\| \.load -rs \$decode$.+=.?,m$$ REASON:Spamming_users_with_an_mIRC_trojan._Type_'/unload_-rs_newb'_to_remove_the_trojan.	never
block		REGEX:^LOL! //echo -a \$$\$decode\(.+,m$,[0-9]\)$ REASON:$decode_exploit	never
block		REGEX:^Free porn pic.? and movies (www\.sexymovies\.da\.ru\|www\.girlporn\.org) REASON:Unknown_virus._Site_causes_Backdoor.Delf.lq_infection	never
block		REGEX:http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif\|jpg\|avi\|txt) REASON:Infected_by_Gaggle_worm	never
dccblock		REGEX:C:\\WINNT\\system32\\(notes\|videos\|xxx\|ManualSeduccion\|postal\|hechizos\|images\|sex\|avril)\.zip REASON:Infected_by_Gaggle_worm	never
block		REGEX:C:\\WINNT\\system32\\[][0-9a-z_-{\|}`]+\.zip REASON:Infected_by_Gaggle_worm?	never
gline		REGEX:.(http://jokes\.clubdepeche\.com\|http://horny\.69sexy\.net\|http://private\.a123sdsdssddddgfg\.com). REASON:Infected_by_LOI_trojan	never
gline		REGEX:^hey .* to get OPs use this hack in the chan but SHH! //\$decode$.,m$ \\| \$decode$.,m$$ REASON:Infected_by_nkie_worm:_see_http://www.trojaninfo.com/nkie/nkie.htm	never
gline		REGEX:^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode$.+=,m$ \\| \.load -rs Matrix2 \\| //mode \$me \+R$ REASON:Infected_by_nkie_worm:_see_http://www.trojaninfo.com/nkie/nkie.htm	never
gline		REGEX:^STOP SPAM, USE THIS COMMAND: //write nospam \$decode$.+$ \\| \.load -rs nospam \\| //mode \$me \+R$ REASON:Infected_by_nkie_worm:_see_http://www.trojaninfo.com/nkie/nkie.htm	never
gline		REGEX:(^wait a minute plz\. i am updating my site\|.my erotic video).http://.+/erotic(a)?/myvideo\.exe$ REASON:Infected_by_some_trojan_(erotica?)	never
gline		REGEX:^porn! porno! http://.+\/sexo\.exe REASON:Infected_by_soex_trojan:_see_http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A	never
gline		REGEX:^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})\|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15} REASON:Attempting_to_use_a_SpyBot	never
gline		REGEX:^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$ REASON:Attempting_to_use_an_SDBot	never
gline		REGEX:^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$ REASON:Attempting_to_use_a_GTBot	never
gline		REGEX:^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$ REASON:Attempting_to_use_a_GTBot	never
gline		REGEX:^!icqpagebomb ([0-9]{1,15} ){2}.+ REASON:Attempting_to_use_a_GTBot	never
gline		REGEX:^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} REASON:Attempting_to_use_a_GTBot	never
gline		REGEX:^!login grrrr yeah baby!$ REASON:Attempting_to_login_to_a_GTBot	never
gline		REGEX:^!login Wasszup!$ REASON:Attempting_to_login_to_a_GTBot	never
gline		REGEX:^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$ REASON:Infected_by_aplore_worm:_see_http://www.f-secure.com/v-descs/aplore.shtml	never
block		REGEX:^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*! REASON:Infected_by_fagot_worm:_see_http://www.f-secure.com/v-descs/fagot.shtml	never
gline		REGEX:Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe REASON:Infected_by_mirseed_trojan:_see_http://www.sophos.com/virusinfo/analyses/trojmirseeda.html	never
gline		REGEX:Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg REASON:Infected_by_fyle_trojan:_see_http://www.sophos.com/virusinfo/analyses/trojfylexa.html	never
kill		REGEX:\x01DCC (SEND\|RESUME).{225} REASON:Possible_mIRC_6.12_exploit_attempt	never
kill		REGEX:\x01DCC (SEND\|RESUME)[ ]+"(.+ ){20} REASON:mIRC_6.0-6.11_exploit_attempt	never

Back