Security Incidents mailing list archives
Re: IRC -> smtp worm?
From: H C <keydet89 () yahoo com>
Date: Wed, 18 Dec 2002 08:00:37 -0800 (PST)
Is anyone aware of some kind of IRC worm that uses SMTP servers to act as a spy client or something like that?
I'm not sure what you mean by this. After all, why would an IRC worm need SMTP capability? If the worm causes the compromise system to connect to an IRC channel, why would SMTP capability be needed?
Not that i consider this a serious issue ( from the server side of course ), but I'm curious on what's causing this behaviour.
If you really are curious as to what is causing this behaviour, I would suggest that you go back to your IDS and identify the specific systems from which this traffic originates, and then investigate those systems. Since you say that this traffic has been picked up by your IDS, it's just common sense that the sources of the traffic should be investigated. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- IRC -> smtp worm? Joao Gouveia (Dec 18)
- Re: IRC -> smtp worm? Þórhallur Hálfdánarson (Dec 18)
- Re: IRC -> smtp worm? H C (Dec 18)
- Re: IRC -> smtp worm? Eric Chien (Dec 18)