Security Basics mailing list archives
Re: Why attacker install irc after hacking?
From: xun dong <xundong () cs york ac uk>
Date: Fri, 21 Apr 2006 11:57:34 +0100
IRC is mainly served as the Command and Control(C&C) Tool after hacking. For example the hacker can send the command such as starting keylogger or initiate a email spam via the irc communication channel. A large number of botnets also use the irc as the communication channels as well. So if you see the irc installed after hacking, it is very likely your PC is part of a botnet. I think another reason IRC is choosen is because it is widely used, and the hacker is very familiar with it already. Monty Ree wrote:
Hello, all. I have operated linux server for a long time. and I have found that some irc(psybnc etc) related program was installed after scan or hacking. I can't understand Why attackers installed and executed irc program? Why attackers use irc after hacking? Just chatting is not...I guess.. Thanks in advance. _________________________________________________________________ 전세계인이 함께하는 웹 메일 서비스인 MSN Hotmail을 만나 보세요. http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc=1042 ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: Why attacker install irc after hacking?, (continued)
- Re: Why attacker install irc after hacking? Frynge Customer Support (Apr 24)
- Re: Why attacker install irc after hacking? Gregory Boyce (Apr 21)
- Re: Why attacker install irc after hacking? Brian Beck (Apr 21)
- Re: Why attacker install irc after hacking? Philippe De Ryck (Apr 21)
- RE: Why attacker install irc after hacking? Network Security (Apr 21)
- Message not available
- Fwd: Why attacker install irc after hacking? Ben Alexander (Apr 21)
- Re: Why attacker install irc after hacking? Michal Mlotek (Apr 21)
- RE: Why attacker install irc after hacking? Murad Talukdar (Apr 21)
- Re: Why attacker install irc after hacking? KarMax (Apr 21)
- RE: Why attacker install irc after hacking? Goran Pizent (Apr 21)
- Re: Why attacker install irc after hacking? xun dong (Apr 21)
- Re: Why attacker install irc after hacking? kalpin (Apr 24)
- Re: Why attacker install irc after hacking? jacco (Apr 21)
- Re: Re: Why attacker install irc after hacking? oldgrue (Apr 21)
- RE: Why attacker install irc after hacking? Jordan.Dallas (Apr 21)