Security Basics mailing list archives

RE: Why attacker install irc after hacking?

From: "Goran Pizent" <goran.pizent () ekobit hr>
Date: Fri, 21 Apr 2006 09:05:07 +0200

After they (intruders) install their tools (Trojans, Rootkits etc) on
hacked box, then the usual way to create a Botnet (where your hacked box is
just one in thousands) is through IRC.

Every Bot notifies its Master of its existance through password protected
IRC channel. On the same IRC channel every bot recieves its orders, e.g.
Distributed Denial of Service Attack on victim, or execute any kind of
attack through owned box/boxes.

Goran



-----Original Message-----
From: Monty Ree [mailto:chulmin2 () hotmail com] 
Sent: Thursday, April 20, 2006 6:56 AM
To: security-basics () securityfocus com
Subject: Why attacker install irc after hacking?

Hello, all.

I have operated linux server for a long time.
and I have found that some irc(psybnc etc) related program was installed 
after scan or hacking.

I can't understand 
Why attackers installed and executed irc program?
Why attackers use irc after hacking?
Just chatting is not...I guess..


Thanks in advance.

_________________________________________________________________
전세계인이 함께하는 웹 메일 서비스인 MSN Hotmail을 만나 보세요.    
http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc
=1042 
 


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

Re: Why attacker install irc after hacking?, (continued)
- - Re: Why attacker install irc after hacking? Mario Platt (Apr 21)
    - Re: Why attacker install irc after hacking? Frynge Customer Support (Apr 24)
- Re: Why attacker install irc after hacking? Gregory Boyce (Apr 21)
- Re: Why attacker install irc after hacking? Brian Beck (Apr 21)
- Re: Why attacker install irc after hacking? Philippe De Ryck (Apr 21)
- RE: Why attacker install irc after hacking? Network Security (Apr 21)
- Message not available
  - Fwd: Why attacker install irc after hacking? Ben Alexander (Apr 21)
- Re: Why attacker install irc after hacking? Michal Mlotek (Apr 21)
- RE: Why attacker install irc after hacking? Murad Talukdar (Apr 21)
- Re: Why attacker install irc after hacking? KarMax (Apr 21)
- RE: Why attacker install irc after hacking? Goran Pizent (Apr 21)
- Re: Why attacker install irc after hacking? xun dong (Apr 21)
  - Re: Why attacker install irc after hacking? kalpin (Apr 24)
- Re: Why attacker install irc after hacking? jacco (Apr 21)
- Re: Re: Why attacker install irc after hacking? oldgrue (Apr 21)
- RE: Why attacker install irc after hacking? Jordan.Dallas (Apr 21)