Subject: News, Oct. 11 2004
[cut-n-paste from sophos.com]
Name W32/Sdbot-PZ
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Drops more malware
* Downloads code from the internet
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Used in DOS attacks
Aliases
* WORM_SDBOT.XN
* Backdoor.Win32.SdBot.05.bd
Prevalence (1-5) 2
Description
W32/Sdbot-PZ is a backdoor Trojan and network aware worm which runs in
the background as a service process and allows unauthorised remote
access to the computer via IRC channels.
W32/Sdbot-PZ remains resident, listening for commands from remote users.
If the appropriate commands are received the worm will begin scanning
the internet for network shares with weak administrator passwords and
will attempt to copy itself to these shares. W32/Sdbot-PZ can also
spread via the LSASS exploit on port 445 and DCOM when triggered.
W32/Sdbot-PZ may also be able to stealth itself from Task Manager by
dropping a copy of Troj/NtRootK-F and stealthing the original process.
Advanced
W32/Sdbot-PZ copies itself to the Windows System (or System32 folder
under MS Win NT/2000/XP) folder as msnmsng.exe and creates the following
registry entries so that the Trojan is run when the computer restarts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
MSN Messanger = msnmsng.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
MSN Messanger = msnmsng.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
MSN Messanger = msnmsng.exe
W32/Sdbot-PZ's backdoor functions allow an intruder to use the infected
host to carry out various types of network attacks on others and install
new components on the host.
W32/Sdbot-PZ can also delete network shares and disable LSA and DCOM
access on the infected host.
Name W32/Darby-G
Type
* Worm
How it spreads
* Email attachments
* Chat programs
* Peer-to-peer
Affected operating systems
* Windows
Side effects
* Turns off anti-virus applications
* Sends itself to email addresses found on the infected computer
* Installs itself in the Registry
Aliases
* Worm.P2P.Darby.m
* W32/Darby.worm.m
Prevalence (1-5) 2
Description
W32/Darby-G is a multi-lingual email, IRC and peer-to-peer worm.
Advanced
W32/Darby-G is a multi-lingual email, IRC and peer-to-peer worm.
When the worm is first run it may display the following fake error
message in English or Spanish:
"Impossible to open the file, this total or partially
damaged"
or
"Imposible abrir el archivo, esta total o
parcialmente donado"
The worm copies itself many times to the Windows system folder using
randomly generated filenames. The worm then adds the name of one of
these copies to the following registry entries to ensure it is run at
system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
= %SYSTEM%\
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Run\
= %SYSTEM%\
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
run = %SYSTEM%\
The worm also adds other autostart entries in the autoexec.bat, win.ini
and System.ini files. The following line is added to the autoexec.bat
file:
@win %SYSTEM%\
the following to the [boot] section of the System.ini file:
shell=Explorer.exe %SYSTEM%\
and the following to the [windows] section of the win.ini file:
run=%SYSTEM%\
W32/Darby-G copies itself to the share folder of popular peer-to-peer
clients including: applejuice, bearshare, edonkey2000, emule, grokster,
kazaa lite, kazaa, kmd, limewire, morpheus, overnet and shareaza.
W32/Darby-G also attempts to spread via email using addresses harvested
from the infected computer. The subject line, message text and attached
filename are chosen from an extensive list held within the worm and may
be in English or Spanish.
The worm also attempts to spread via IRC. The worm creates an irc script
file in the mirc and mirc32 folders and adds the filename to the [rfiles]
section of mirc.ini files. This script file is detected by Sophos as
mIRC/Darby-G.
W32/Darby-G will create registry entries under the following key:
HKLM\Software\GedzacLABS\Bardiel.d
set the following registry entries:
HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Policies\System\
DisableRegistryTools = 1
DisableTaskMgr = 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = 1
DisableTaskMgr = 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = Explorer.exe %SYSTEM%\
and sets the following entries so the worm is run before BAT, COM, EXE,
PIF and SCR files:
HKLM\SOFTWARE\Classes\batfile\shell\open\command\
HKLM\SOFTWARE\Classes\comfile\shell\open\command\
HKLM\SOFTWARE\Classes\exefile\shell\open\command\
HKLM\SOFTWARE\Classes\piffile\shell\open\command\
HKLM\SOFTWARE\Classes\scrfile\shell\open\command\
HKLM\SOFTWARE\Classes\regfile\shell\open\command\
W32/Darby-G creates the file Bardial.hta in the root folder, the file
microsoftweb.htm in the Windows folder and bZip.exe in the Windows system
folder. These files can be deleted.
Name W32/Rbot-LY
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Records keystrokes
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Prevalence (1-5) 2
Description
W32/Rbot-LY is a network worm and backdoor Trojan for the Windows
platform.
W32/Rbot-LY allows a malicious user remote access to an infected
computer.
Advanced
W32/Rbot-LY is a network worm and backdoor Trojan for the Windows
platform.
W32/Rbot-LY allows a malicious user remote access to an infected
computer.
The worm copies itself to a file named ntfs16.exe in the Windows system
folder and creates the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
NTFS16 = ntfs16.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
NTFS16 = ntfs16.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
NTFS16 = ntfs16.exe
The following registry entries are also modified:
HKLM\SOFTWARE\Microsoft\Ole\
EnableDCOM = "N"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
restrictanonymous = dword:00000001
W32/Rbot-LY spreads using a variety of techniques including exploiting
weak passwords on computers and SQL servers, exploiting operating system
vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using
backdoors opened by other worms or Trojans.
W32/Rbot-LY can be controlled by a remote attacker over IRC channels.
The backdoor component of W32/Rbot-LY can be used to:
* start a proxy server
* create screen/webcam captures
* enable remote login (rlogin)
* log keystrokes on the infected computer
* filesystem manipulation
* start/stop system services
* take part in denial of service attacks (DoS)
* send email
Patches for the operating system vulnerabilities exploited by
W32/Rbot-LK can be obtained from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
Name W32/Forbot-AY
Type
* Worm
How it spreads
* Network shares
* Chat programs
Affected operating systems
* Windows
Side effects
* Steals information
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Aliases
* Backdoor.Win32.Wootbot.gen
* W32/Gaobot.worm.gen.g
* WORM_WOOTBOT.GEN
Prevalence (1-5) 2
Description
W32/Forbot-AY is a worm which attempts to spread to remote network
shares. It also contains backdoor Trojan functionality, allowing
unauthorised remote access to the infected computer via IRC channels
while running in the background as a service process.
W32/Forbot-AY attempts to spread to network machines using various
exploits including the LSASS vulnerability (see MS04-011). The worm may
also spread via IRC channels.
W32/Forbot-AY may act as a proxy, delete network shares and steal keys
for various software products.
Advanced
W32/Forbot-AY is a worm which attempts to spread to remote network
shares. It also contains backdoor Trojan functionality, allowing
unauthorised remote access to the infected computer via IRC channels
while running in the background as a service process.
W32/Forbot-AY copies itself to the Windows system folder as FORBOO.EXE
and creates entries in the registry at the following locations so as to
run itself on system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
deejay = forboo.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
deejay = forboo.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
deejay = forboo.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
deejay = forboo.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
deejay = forboo.exe
W32/Forbot-AY also creates its own service named "NDIS TCP Layer
Transport Device", with the display name "deejay".
W32/Forbot-AY attempts to spread to network machines using various
exploits including the LSASS vulnerability (see MS04-011). The worm may
also spread via IRC channels.
W32/Forbot-AY may act as a proxy, delete network shares and steal keys
for various software products.
Name W32/Agobot-ZV
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Turns off anti-virus applications
* Allows others to access the computer
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Prevalence (1-5) 2
Description
W32/Agobot-ZV is a network worm and backdoor Trojan for the Windows
platform.
Advanced
W32/Agobot-ZV is a network worm and backdoor Trojan for the Windows
platform. When first run, W32/Agobot-ZV copies itself to the Windows
system folder with the filename soundtctrls.exe and creates the
following registry entries in order to run on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
soundtctrls = soundtctrls.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
soundtctrls = soundtctrls.exe
W32/Agobot-ZV also drops a DLL file into the Windows system folder with
the filename wormride.dll.
The backdoor component of W32/Agobot-ZV joins an IRC channel and accepts
commands from a remote user.
Name W32/Rbot-LT
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Downloads code from the internet
* Reduces system security
* Records keystrokes
* Installs itself in the Registry
Aliases
* Backdoor.Win32.Rbot.cd
Prevalence (1-5) 2
Description
W32/Rbot-LT is a network worm which contains IRC backdoor Trojan
functionality, allowing unauthorised remote access to the infected
computer.
Advanced
W32/Rbot-LT is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised
remote access to the infected computer via IRC channels while running in
the background as a service process.
W32/Rbot-LT spreads to network shares with weak passwords and via
network security exploits as a result of the backdoor Trojan element
receiving the appropriate command from a remote user.
W32/Rbot-LT copies itself to the Windows system folder as LSSRV.EXE and
creates entries at the following locations in the registry with the
value Microsoft Services so as to run itself on system startup,
resetting them multiple times every minute:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
W32/Rbot-LT also sets the following registry entry with the same value
to point to itself:
HKCU\Software\Microsoft\OLE
W32/Rbot-LT may attempt to set the following registry entries:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = "N"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1"
W32/Rbot-LT may attempt to delete network shares on the host computer.
W32/Rbot-LT may attempt to log keystrokes to the file KEY32.TXT in the
Windows system folder.
Name W32/Forbot-AV
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Used in DOS attacks
Aliases
* Backdoor.Win32.Wootbot.k
Prevalence (1-5) 2
Description
W32/Forbot-AV is a network worm and backdoor Trojan for the Windows
platform.
Advanced
W32/Forbot-AV is a network worm and backdoor Trojan for the Windows
platform.
When first run, W32/Forbot-AV copies itself to the Windows system folder
as win32usb.exe. In order to run on system startup, the worm creates the
following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
USB Device = win32usb.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
USB Device = win32usb.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
USB Device = win32usb.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
USB Device = win32usb.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
USB Device = win32usb.exe
W32/Forbot-AV registers itself as a service process and connects to an
IRC channel where it awaits commands from a remote user.
The backdoor component can be used to perform the following functions:
* execute arbitrary commands (remote shell)
* download and execute files from the internet
* harvest product registration keys from the system registry
* socks4 proxy server
* port scanner
* start/stop system service processes
* DDoS (Distributed Denial of Service) attacks
* delete network shares
* steal usernames and passwords
Name W32/Bagz-B
Type
* Worm
How it spreads
* Email attachments
Affected operating systems
* Windows
Side effects
* Sends itself to email addresses found on the infected computer
* Forges the sender's email address
* Uses its own emailing engine
* Downloads code from the internet
* Installs itself in the Registry
Aliases
* I-Worm.Bagz.b
* W32/Bagz.b@MM
Prevalence (1-5) 2
Description
W32/Bagz-B is a mass-mailing network worm. It also contains a backdoor
which allows an intruder to instruct it to download and install further
components.
W32/Bagz-B may also try to disable the Windows default firewall on
startup.
W32/Bagz-B will attempt to harvest email addresses from the "Document
and setting" folder on the local machine with names such as *.txt,
*.htm, *.htm, *.dbx, *.tbi, *.tbb.
Advanced
The email it sends will contain an attachment either in ZIP format or in
a binary file. It will contain the following subject lines:
"last request before refunding"
"re: user id update"
"fwd: your funds are eligible for withdrawal"
"find a solution with this customer"
"no subject"
"re: help desk registration"
"failure notice"
"fwd: password"
"when should i call you?"
"re: re: a question"
"knowledge base article"
"open invoices"
"returned mail: see transcript for details"
"building maintenance"
"[fwd: broken link]"
"winxp"
"troubles are back again"
"questions"
"order approval"
"units available"
"progress news"
"big announcements"
"need help pls"
"you have recieved an ecard!"
"what is this ????"
"deactivation notice"
"message recieved, please confirm"
"my funny stories"
"cost inquiry"
"re: payment"
"referrences"
"webmail invite"
"re: quote request"
Attachments can use the following names:
arch.doc.exe
arch.zip
archive.doc.exe
archive.zip
atach.doc.exe
atach.zip
att.doc.exe
att.zip
contact.doc.exe
contact.zip
db.doc.exe
db.zip
dl.exe
doc.doc.exe
doc.zip
documents.doc.exe
documents.zip
file.doc.exe
file.zip
ipdb.dll
jobdb.dll
mail.doc.exe
mail.zip
message.doc.exe
message.zip
messages.doc.exe
messages.zip
msg.doc.exe
msg.zip
read.doc.exe
read.zip
readme.doc.exe
readme.zip
support.doc.exe
support.zip
syslogin.exe
tutorial.doc.exe
warning.doc.exe
warning.zip
W32/Bagz-B will keep a copy of the above files in the folder %system32%.
Other than the above, it will also drop the following components:
%system32%/dl.exe
%system32%/syslogin.exe
%system32%/ipdb.dll
%system32%/jobdb.dll
And also create the following autorun registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
syslogin.exe = syslogin.exe
Name W32/Sdbot-PV
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Uses its own emailing engine
* Downloads code from the internet
* Reduces system security
Aliases
* Backdoor.SdBot.gen
Prevalence (1-5) 2
Description
W32/Sdbot-PV is an IRC backdoor that can spread via IPC shares protected
by weak passwords.
An infected computer can be controlled by a remote attacker through IRC
channels.
Advanced
W32/Sdbot-PV is an IRC backdoor that can spread via IPC shares protected
by weak passwords.
In order to run automatically when Windows starts up the worm copies
itself to the file wuamngr1.exe in the Windows system folder and adds
the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Win32 Services1 = wuamngr1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Win32 Services1 = wuamngr1.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Win32 Services1 = wuamngr1.exe
W32/Sdbot-PV connects to an IRC server specified by the author and joins
a channel from which it will receive further commands. These commands
can start any of the following actions:
* sock4 proxy server
* UDP, SYN or PING flooding
* TCP redirection
* download files
* execute arbitrary commands
* install an updated version of the backdoor
* spread via weakly-protected IPC shares
* steal product keys
* send raw IRC commands
Name W32/Korgo-Q
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Downloads code from the internet
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Prevalence (1-5) 2
Description
W32/Korgo-Q is a network worm for the Windows platform.
W32/Korgo-Q spreads by scanning for machines that are vulnerable to the
LSASS exploit (MS04-011).
Advanced
W32/Korgo-Q is a network worm for the Windows platform.
W32/Korgo-Q spreads by scanning for machines that are vulnerable to the
LSASS exploit (MS04-011).
W32/Korgo-Q will listen on a random port for incoming connections.
W32/Korgo-Q will then scan random IPs and try to connect to port 445 on
remote computers with a specially crafted packet. Any computer
vulnerable to the LSASS exploit will then connect back to the infected
computer and download a copy of the worm. The exploited computer will
then run a copy of the worm.
W32/Korgo-Q will connect to a number of URLs to report that a computer
has been infected. Some of these URLs are those of anti-virus and
banking companies which constitutes an attempt at a Denial of Service
(DOS) attack.
When first run, W32/Korgo-Q will copy itself to the Windows system folder
with a random filename and an extension of MSC. W32/Korgo-Q will also
drop a DLL file with a random filename ending in 32 i.e. 32.dll. The
worm will inject this DLL into the explorer module in order to stealth
the file.
In order to run the DLL automatically, W32/Korgo-Q will register itself
as a Browser Helper Object (BHO) by setting the following registry
entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
ShellExecuteHooks\(CLSID)
HKLM\SOFTWARE\Classes\CLSID\(CLSID)\InprocServer32\
(Default) =
The worm will also create the following registry branch:
HKLM\SOFTWARE\Microsoft\DataAccess\Database
W32/Korgo-Q may also download executables from remote locations.
Name W32/Rbot-MI
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Reduces system security
* Installs itself in the Registry
Prevalence (1-5) 2
Description
W32/Rbot-MI is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised
remote access to the infected computer via IRC channels while running in
the background as a service process.
W32/Rbot-MI spreads to network shares with weak passwords as a result of
the backdoor Trojan element receiving the appropriate command from a
remote user.
Advanced
W32/Rbot-MI is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised
remote access to the infected computer via IRC channels while running in
the background as a service process.
W32/Rbot-MI spreads to network shares with weak passwords as a result of
the backdoor Trojan element receiving the appropriate command from a
remote user.
W32/Rbot-MI copies itself to the Windows system folder as UPDATE32.EXE
and creates entries in the registry at the following locations to run
itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
M1cr0s0ft Upd4t4zS = update32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
M1cr0s0ft Upd4t4zS = update32.exe
The worm may also create the following registry entry:
HKCU\Software\Microsoft\OLE\
M1cr0s0ft Upd4t4zS = "update32.exe"
Name W32/Forbot-BA
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Prevalence (1-5) 2
Description
W32/Forbot-BA is a worm which attempts to spread to remote network
shares. It also contains backdoor Trojan functionality, allowing
unauthorised remote access to the infected computer via IRC channels
while running in the background as a service process.
Advanced
W32/Forbot-BA is a worm which attempts to spread to remote network
shares. It also contains backdoor Trojan functionality, allowing
unauthorised remote access to the infected computer via IRC channels
while running in the background as a service process.
W32/Forbot-BA copies itself to the Windows system folder as SysDebug.exe
and creates entries in the registry at the following locations so as to
run itself on system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Auto updat = "SysDebug.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Auto updat = "SysDebug.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Auto updat = "SysDebug.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
Auto updat = "SysDebug.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Auto updat = "SysDebug.exe"
W32/Forbot-BA also creates its own service with the display name "Auto
updat".
W32/Forbot-BA attempts to spread to network machines using various
exploits. W32/Forbot-BA may act as a proxy, delete network shares and
steal keys for various software products.
Name W32/Sdbot-QE
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Records keystrokes
* Installs itself in the Registry
Aliases
* Win32.SdBot.gen
* W32/Sdbot.worm.gen.i
* WORM_SDBOT.WP
Prevalence (1-5) 2
Description
W32/Sdbot-QE is a worm and backdoor for the Windows platform.
Advanced
W32/Sdbot-QE is a worm and backdoor for the Windows platform.
The worm component spreads to network shares protected by weak passwords
and computers infected with other backdoors.
The backdoor component connects to a predefined IRC server and waits for
commands from a remote attacker.
W32/Sdbot-QE copies itself to the Windows system folder as svchos.exe
and adds the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows Update = "svchos.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Windows Update = "svchos.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows Update = "svchos.exe"
W32/Sdbot-QE uses keylogging and screen capturing techniques to steal
personal information such as user names and passwords.
--- MultiMail/Win32 v0.43
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)
SEEN-BY: 633/267 270
@PATH: 123/140 500 106/2000 633/267
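The registry persistence described in the advisories above can be checked offline against a `reg export` text file. The following is an added example, not part of the original post or of Sophos's material; the function names and the sample export are constructed for illustration. It goes beyond the listed file names by also flagging a non-default open command or Winlogon shell, which is how W32/Darby-G's randomly named copies would show up.

```python
import re

# File names the advisories above give for each worm's autostart copy.
KNOWN_AUTORUN_FILES = {
    "msnmsng.exe": "W32/Sdbot-PZ", "ntfs16.exe": "W32/Rbot-LY",
    "forboo.exe": "W32/Forbot-AY", "soundtctrls.exe": "W32/Agobot-ZV",
    "lssrv.exe": "W32/Rbot-LT", "win32usb.exe": "W32/Forbot-AV",
    "syslogin.exe": "W32/Bagz-B", "wuamngr1.exe": "W32/Sdbot-PV",
    "update32.exe": "W32/Rbot-MI", "sysdebug.exe": "W32/Forbot-BA",
    "svchos.exe": "W32/Sdbot-QE",
}
AUTORUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce",
                    "\\currentversion\\runservices", "\\microsoft\\ole")
# Assumption: stock open commands of an unmodified Windows install.
DEFAULT_OPEN = {"bat": '"%1" %*', "com": '"%1" %*', "exe": '"%1" %*',
                "pif": '"%1" %*', "scr": '"%1" /s'}
OPEN_CMD = re.compile(r"\\classes\\(bat|com|exe|pif|scr)file\\shell\\open\\command$")
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s):
    """Strip .reg quoting and undo its backslash escapes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r"\\(.)", r"\1", s[1:-1])
    return s


def parse_reg(text):
    """Yield (key, value_name, data); '@' is the key's default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            yield key, _unquote(m.group(1)), _unquote(m.group(2))


def scan(text):
    """Return (check, key, value_name, detail) tuples for suspicious entries."""
    findings = []
    for key, name, data in parse_reg(text):
        k, d, n = key.lower(), data.lower(), name.lower()
        hit = OPEN_CMD.search(k)
        if k.endswith(AUTORUN_SUFFIXES):
            exe = d.rsplit("\\", 1)[-1].strip('" ')
            if exe in KNOWN_AUTORUN_FILES:
                findings.append(("known-autorun", key, name, KNOWN_AUTORUN_FILES[exe]))
        elif k.endswith("\\policies\\system") and d == "dword:00000001" \
                and n in ("disableregistrytools", "disabletaskmgr"):
            findings.append(("tools-disabled", key, name, data))
        elif hit and name == "@" and d != DEFAULT_OPEN[hit.group(1)]:
            findings.append(("open-command-hijack", key, name, data))
        elif k.endswith("\\winlogon") and n == "shell" and d != "explorer.exe":
            findings.append(("winlogon-shell", key, name, data))
    return findings


# Constructed sample export; qxzvbn.exe stands in for a random file name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSN Messanger"="msnmsng.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\qxzvbn.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Files written by `reg export` are normally UTF-16, so decode them before passing the text to `scan`.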