Security Basics mailing list archives
Re: Why attacker install irc after hacking?
From: kalpin () solonet co id
Date: Sat, 22 Apr 2006 11:22:43 +0700 (WIT)
I don't think so. If attacker put psybnc after hacking because the attacker want create free shell for him or his/her friends not for full control. If s/he want like, the attacker can install like rootkit nor phpshell (or cgi shell). Phpshell nor cgi shell is hard to find. In short word, the attacker want use compromised machine to launch free shell for bot/botnet/eggdrop/psy/bnc or even ircd. Regards, Kalpin Erlangga Silaen
IRC is mainly served as the Command and Control(C&C) Tool after hacking. For example the hacker can send the command such as starting keylogger or initiate a email spam via the irc communication channel. A large number of botnets also use the irc as the communication channels as well. So if you see the irc installed after hacking, it is very likely your PC is part of a botnet. I think another reason IRC is choosen is because it is widely used, and the hacker is very familiar with it already. Monty Ree wrote:Hello, all. I have operated linux server for a long time. and I have found that some irc(psybnc etc) related program was installed after scan or hacking. I can't understand Why attackers installed and executed irc program? Why attackers use irc after hacking? Just chatting is not...I guess.. Thanks in advance. _________________________________________________________________ Àü¼¼°èÀÎÀÌ ÇÔ²²ÇÏ´Â À¥ ¸ÞÀÏ ¼ºñ½ºÀÎ MSN HotmailÀ» ¸¸³ª º¸¼¼¿ä. http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc=1042 ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
__________________________________________________ This Email Provided by http://www.solo.indo.net.id ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: Why attacker install irc after hacking?, (continued)
- Re: Why attacker install irc after hacking? Gregory Boyce (Apr 21)
- Re: Why attacker install irc after hacking? Brian Beck (Apr 21)
- Re: Why attacker install irc after hacking? Philippe De Ryck (Apr 21)
- RE: Why attacker install irc after hacking? Network Security (Apr 21)
- Message not available
- Fwd: Why attacker install irc after hacking? Ben Alexander (Apr 21)
- Re: Why attacker install irc after hacking? Michal Mlotek (Apr 21)
- RE: Why attacker install irc after hacking? Murad Talukdar (Apr 21)
- Re: Why attacker install irc after hacking? KarMax (Apr 21)
- RE: Why attacker install irc after hacking? Goran Pizent (Apr 21)
- Re: Why attacker install irc after hacking? xun dong (Apr 21)
- Re: Why attacker install irc after hacking? kalpin (Apr 24)
- Re: Why attacker install irc after hacking? jacco (Apr 21)
- Re: Re: Why attacker install irc after hacking? oldgrue (Apr 21)
- RE: Why attacker install irc after hacking? Jordan.Dallas (Apr 21)