Re: Why attacker install irc after hacking?

[Gregory Boyce <gboyce () akamai com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Monty Ree wrote:
> Hello, all.
>
> I have operated linux server for a long time.
> and I have found that some irc(psybnc etc) related program was installed
> after scan or hacking.
>
> I can't understand Why attackers installed and executed irc program?
> Why attackers use irc after hacking?
> Just chatting is not...I guess..

Monty,

Hackers often use IRC for two activities:

1) Talking to other hackers
2) Controlling botnets

Since both of these activities can get them in trouble, they prefer not
to come from their own IP address.  PsyBNC is an IRC connection bouncer.
 They can connect to psyBNC on your machine before connecting to an IRC
server, and any investigation into who they are will end at your system
instead of their own.

Or better yet, use a series of connection bouncers to make it even more
difficult to track them down.

- --
 Gregory Boyce | gboyce () akamai com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFER+LnRy7J/ecQa/MRAsMOAJ9h7LwB9G/dz4Vu2kej+8Lpu4dStwCfVT2K
fWGp1Ebb5fv79QTHsQAYUJ0=
=naJL
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------