Re: Why attacker install irc after hacking?

[kalpin () solonet co id]

I don't think so. If attacker put psybnc after hacking because the
attacker want create free shell for him or his/her friends not for full
control. If s/he want like, the attacker can install like rootkit nor
phpshell (or cgi shell). Phpshell nor cgi shell is hard to find.

In short word, the attacker want use compromised machine to launch free
shell for bot/botnet/eggdrop/psy/bnc or even ircd.


Regards,


Kalpin Erlangga Silaen

> IRC is mainly served as the Command and Control(C&C) Tool after hacking.
> For example the hacker can send the command such as starting keylogger
> or initiate a email spam via the irc communication channel.
>
> A large number of botnets also use the irc as the communication channels
> as well. So if you see the irc installed after hacking, it is very
> likely your PC is part of a botnet.
>
> I think another reason IRC is choosen is because it is widely used, and
> the hacker is very familiar with it already.
>
> Monty Ree wrote:
> > Hello, all.
> >
> > I have operated linux server for a long time.
> > and I have found that some irc(psybnc etc) related program was installed
> > after scan or hacking.
> >
> > I can't understand Why attackers installed and executed irc program?
> > Why attackers use irc after hacking?
> > Just chatting is not...I guess..
> >
> >
> > Thanks in advance.
> >
> > _________________________________________________________________
> > Àü¼¼°èÀÎÀÌ ÇÔ²²ÇÏ´Â À¥ ¸ÞÀÏ ¼­ºñ½ºÀÎ MSN HotmailÀ» ¸¸³ª º¸¼¼¿ä.
> > http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc=1042
> >
> >
> >
> > -------------------------------------------------------------------------
> > This List Sponsored by: Webroot
> >
> > Don't leave your confidential company and customer records un-protected.
> > Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
> > obligation. See why so many companies trust Spy Sweeper Enterprise to
> > eradicate spyware from their networks.
> > FREE 30-Day Trial of Spy Sweeper Enterprise
> >
> > http://www.webroot.com/forms/enterprise_lead.php
> > --------------------------------------------------------------------------
>
>
> -------------------------------------------------------------------------
> This List Sponsored by: Webroot
>
> Don't leave your confidential company and customer records un-protected.
> Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
> obligation. See why so many companies trust Spy Sweeper Enterprise to
> eradicate spyware from their networks.
> FREE 30-Day Trial of Spy Sweeper Enterprise
>
> http://www.webroot.com/forms/enterprise_lead.php
> --------------------------------------------------------------------------


__________________________________________________
This Email Provided by http://www.solo.indo.net.id

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------