Bugtraq mailing list archives
Re: Internet Wide DOS Attack using IRC
From: adamb1 () flash net (Paralyse)
Date: Fri, 2 Oct 1998 18:42:13 -0500
We did find an entry in his registry with the following setting: /microsoft/windowsexplorer/doc/find/spec/mru a) " " b) 5845 c) nfo d) bo e) nfo.zip f) winrar g) msvbvm60.dll h) loadwc i) stargate j) area51 mrulist) eadcbjihgf
Actually, this is the Most Recently Used files entry. A-J = the last files to be searched for using Find File, or Opened, or Saved - and the mrulist specifies the order in which they were used. This is how the history box in Find File works, and others. mIRC IRC Client 5.4 and above have the ability to create raw sockets - you can use the IRC client to open port 25 and check your mail, for instance, or to connect to any other port on a server, including port 80 - most likely this "trojan" is a line in a script that runs a timer which connects to the web site, sends HTTP commands, then kills the socket; every X number of seconds. I doubt this is sophisticated enough to modify the registry or otherwise change system behaviour. However, I'm not sure exactly what you could possibly do to prevent such an attack from occurring. -- Paralyse -=(webmaster () enforcers net)=- -=>-<=- Systems Technician, ICS Computers -=>-<=- if test ! "$clothed"="no" then touch woman | strip woman | make love | sleep; fi
Current thread:
- Re: Internet Wide DOS Attack using IRC Paralyse (Oct 02)
- <Possible follow-ups>
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 02)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC Glenn Tucker (Oct 02)
- Re: Internet Wide DOS Attack using IRC Diane Bruce (Oct 02)
- Re: Internet Wide DOS Attack using IRC George Imburgia (Oct 03)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 02)
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 03)