Security Basics mailing list archives
RE: Possible virus?
From: Melvin Foong <melvin.foong () codebeat net>
Date: Wed, 17 Dec 2003 02:18:47 +0800
Hi Gene,I feel that this should go to Security Basic list as well, BCC your email for anonymity.
There are a few ways a determine that. First is from the MOTD (Message of the Day) that I have enclosed together with the original mail. At this moment of writing the mail, there are 11 other servers that are connected to the same network together to form what we called, the IRC network.
blacksheep.sf.us.addictz.net playboy.us.addictz.net blunt.trauma.ca.us.addictz.net blow.me.addictz.net noodpics.us.addictz.net bash.ca.us.addictz.net snagged.us.addictz.net casino.sf.us.addictz.net crack.whores.ca.us.addictz.net sexmuffin.shaved.clean.addictz.net emu.sf.us.addictz.netAs mentioned in Security Basics list, it could be a trojan horse. That I agree, but note that there are a lot more trojans out that there does this kind of connections, or having such "symtoms". Also, this could possibly be a legit client trying to connect to IRC, ie, in a library. Most of these trojan horse do not infect with your system files. Some onl infect your IRC client, like mIRC (http://www.mirc.com) and start using that as a medium to spread to other hosts. Usually these trojans will message other clients on the same network a URL, claiming it to be a porn website, where a tiny VB script is hidden at the website. (mIRC open IE whether if its your browser's defaults or not.) This is usually how the trojan spreads.
Creator of these trojans usually could control his infected clients, and always he does that by having the victim's machine to load another mirc client to join a secret channel, perhaps locked with a key as well. These could then be used to generate DDoS like traffic to take down other servers.
Or, it could just be someone on the network running an IRC client. 12:28 AM 12/17/2003, you wrote:
Hi Melvin, How did you determine that it was Addictz network? Gene
Thank you. Regards, Melvin Foong Mobile : +6012-6306890 Email : melvin.foong () codebeat nethttp://www.codebeat.net - Watch out for this space !
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Possible virus? Jennifer Fountain (Dec 15)
- Re: Possible virus? DRW Customer Service (Dec 15)
- RE: Possible virus? Mike (Dec 16)
- Re: Possible virus? Melvin Foong (Dec 15)
- Re: Possible virus? Devilscrow Sr (Dec 15)
- RE: Possible virus? Joey Peloquin (Dec 15)
- <Possible follow-ups>
- Re: Possible virus? Dinesh (Dec 15)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Spencer D'oro (Dec 18)
- RE: Possible virus? Srecko Jovancevic (Dec 16)
- RE: Possible virus? Melvin Foong (Dec 16)
- Re: Possible virus? DRW Customer Service (Dec 15)