Security Incidents mailing list archives
Re: IRC-bots: what are they for ?
From: jens () SE LINUX ORG (Jens Hjalmarsson)
Date: Wed, 12 Jan 2000 21:57:55 +0100
Bots are mostly used in "takeovers" and wars on IRC. Almost all mIRC-Warriors have them, and uses them to flood other people, and protect themselves against takeovers by the other takeover-groups out there.
Does it give any backdoors to the system (file access, interactive access, monitoring, etc) ?
You can use .tcl exec command inside the bot to execute a comand on the remote system. You can also read files and such, but only as the user running the bot.
Is such a bot possibly part of a larger communication infrastructure, maybe like the tfn/trinoo/stacheldraht thingie ?
It CAN be by running a TCL-script on it, but mostly they only have scripts for IRC-based DoS attacks. /Jens
Current thread:
- Port 4, (continued)
- Port 4 Arne Vidar Sjønøs (Jan 09)
- Re: Port 4 Keith Owens (Jan 10)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Philipp Buehler (Jan 11)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Boris Badenov (Jan 11)
- IRC-bots: what are they for ? Jens Hektor (Jan 12)
- Re: IRC-bots: what are they for ? Jon Paul, Nollmann (Jan 12)
- Re: IRC-bots: what are they for ? SecOrg (Jan 12)
- Re: IRC-bots: what are they for ? Ninja Information Systems. (Jan 12)
- Re: IRC-bots: what are they for ? Jens Hjalmarsson (Jan 12)
- Re: IRC-bots: what are they for ? tyler (Jan 12)
- Re: IRC-bots: what are they for ? David Brumley (Jan 12)
- Re: IRC-bots: what are they for ? The Undernet Bonk (Jan 12)
- Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz (Jan 12)
- Strange behaviour Belgarion of Riva (Jan 13)
- Re: Strange behaviour Richard Bejtlich (Jan 15)
- UDP probing [ trojan? ] mabrown () SECUREPIPE COM (Jan 17)
- Re: UDP probing [ trojan? ] Jose Nazario (Jan 18)
- Probe from UK Provider ? Duarte Cordeiro (Jan 18)
- Re: Probe from UK Provider ? Pauline van Winsen (Jan 19)
- Port 4 Arne Vidar Sjønøs (Jan 09)