Security Basics mailing list archives

Re: Why attacker install irc after hacking?

From: xun dong <xundong () cs york ac uk>
Date: Fri, 21 Apr 2006 11:57:34 +0100

IRC is mainly served as the Command and Control(C&C) Tool after hacking.
For example the hacker can send the command such as starting keylogger
or initiate a email spam via the irc communication channel.

A large number of botnets also use the irc as the communication channels
as well. So if you see the irc installed after hacking, it is very
likely your PC is part of a botnet.

I think another reason IRC is choosen is because it is widely used, and
the hacker is very familiar with it already.

Monty Ree wrote:

Hello, all.

I have operated linux server for a long time.
and I have found that some irc(psybnc etc) related program was installed 
after scan or hacking.

I can't understand Why attackers installed and executed irc program?
Why attackers use irc after hacking?
Just chatting is not...I guess..


Thanks in advance.

_________________________________________________________________
전세계인이 함께하는 웹 메일 서비스인 MSN Hotmail을 만나 보세요.    
http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc=1042 



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

Re: Why attacker install irc after hacking?, (continued)
- - - Re: Why attacker install irc after hacking? Frynge Customer Support (Apr 24)
- Re: Why attacker install irc after hacking? Gregory Boyce (Apr 21)
- Re: Why attacker install irc after hacking? Brian Beck (Apr 21)
- Re: Why attacker install irc after hacking? Philippe De Ryck (Apr 21)
- RE: Why attacker install irc after hacking? Network Security (Apr 21)
- Message not available
  - Fwd: Why attacker install irc after hacking? Ben Alexander (Apr 21)
- Re: Why attacker install irc after hacking? Michal Mlotek (Apr 21)
- RE: Why attacker install irc after hacking? Murad Talukdar (Apr 21)
- Re: Why attacker install irc after hacking? KarMax (Apr 21)
- RE: Why attacker install irc after hacking? Goran Pizent (Apr 21)
- Re: Why attacker install irc after hacking? xun dong (Apr 21)
  - Re: Why attacker install irc after hacking? kalpin (Apr 24)
- Re: Why attacker install irc after hacking? jacco (Apr 21)
- Re: Re: Why attacker install irc after hacking? oldgrue (Apr 21)
- RE: Why attacker install irc after hacking? Jordan.Dallas (Apr 21)