Security Incidents mailing list archives
Re: IRC-bots: what are they for ?
From: bonk () WILDSTAR NET (The Undernet Bonk)
Date: Wed, 12 Jan 2000 15:15:25 -0600
On Wed, 12 Jan 2000, Jens Hektor wrote:
Hi, is anybody out there who could explain to me why on nearly every cracked machine I get in touch with the crackers have installed IRC-bots, most of the time "eggdrop" ?
First off, 'eggies' are a useful 'tool' in the 'script kiddie' world. they like to show off with their newly 'cracked' box and running eggies on them is something often seen.
What practical use can taken by installing a bot on a cracked machine ?
See above.
Does it give any backdoors to the system (file access, interactive access, monitoring, etc) ?
Depends on the script. Often it does.
Is such a bot possibly part of a larger communication infrastructure, maybe like the tfn/trinoo/stacheldraht thingie ?
Indeed. There's something called 'emech' or Energy Mech that permits these kiddies to like a 'bot-net' across a large network or several networks at the same time. with the way Trin00/TFN works, I wouldn't doubt if they can send a single command to launch such a denial of service as they can do that to 'flood' a single user from *many* different bots with different user@host's.
In hope for clarification, irc-ignorant Jens Hektor
================================================ Travis AKA BONK Email: Bonk () Undernet Org | Bonk () Wildstar Net ================================================
Current thread:
- Re: Port 4, (continued)
- Re: Port 4 Philipp Buehler (Jan 11)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Boris Badenov (Jan 11)
- IRC-bots: what are they for ? Jens Hektor (Jan 12)
- Re: IRC-bots: what are they for ? Jon Paul, Nollmann (Jan 12)
- Re: IRC-bots: what are they for ? SecOrg (Jan 12)
- Re: IRC-bots: what are they for ? Ninja Information Systems. (Jan 12)
- Re: IRC-bots: what are they for ? Jens Hjalmarsson (Jan 12)
- Re: IRC-bots: what are they for ? tyler (Jan 12)
- Re: IRC-bots: what are they for ? David Brumley (Jan 12)
- Re: IRC-bots: what are they for ? The Undernet Bonk (Jan 12)
- Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz (Jan 12)
- Strange behaviour Belgarion of Riva (Jan 13)
- Re: Strange behaviour Richard Bejtlich (Jan 15)
- UDP probing [ trojan? ] mabrown () SECUREPIPE COM (Jan 17)
- Re: UDP probing [ trojan? ] Jose Nazario (Jan 18)
- Probe from UK Provider ? Duarte Cordeiro (Jan 18)
- Re: Probe from UK Provider ? Pauline van Winsen (Jan 19)
- Re: Probe from UK Provider ? Arrigo Triulzi (Jan 20)
- Re: Probe from UK Provider ? Gene Harris (Jan 20)
- Re: Probe from UK Provider ? Jason Witty (Jan 20)