Security Incidents mailing list archives

Re: IRC-bots: what are they for ?


From: bonk () WILDSTAR NET (The Undernet Bonk)
Date: Wed, 12 Jan 2000 15:15:25 -0600


On Wed, 12 Jan 2000, Jens Hektor wrote:

> Hi,
>
> is anybody out there who could explain to me why on nearly
> every cracked machine I get in touch with the crackers
> have installed IRC-bots, most of the time "eggdrop"?

First off, 'eggies' are a useful 'tool' in the 'script kiddie' world.
They like to show off with their newly 'cracked' box and running eggies on
them is something often seen.

> What practical use can be taken by installing a bot on a cracked machine?

See above.

> Does it give any backdoors to the system (file access,
> interactive access, monitoring, etc)?

Depends on the script.  Often it does.

> Is such a bot possibly part of a larger communication
> infrastructure, maybe like the tfn/trinoo/stacheldraht
> thingie?

Indeed.  There's something called 'emech' or Energy Mech that permits
these kiddies to link a 'bot-net' across a large network or several
networks at the same time.  With the way Trin00/TFN work, I wouldn't
doubt if they can send a single command to launch such a denial of service
as they can do that to 'flood' a single user from *many* different bots
with different user@host's.

> In hope for clarification, irc-ignorant Jens Hektor


================================================
Travis
AKA BONK
Email: Bonk () Undernet Org | Bonk () Wildstar Net
================================================

