Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IRC-bots: what are they for ?

From: dbrumley () RTFM STANFORD EDU (David Brumley)
Date: Wed, 12 Jan 2000 13:08:18 -0800

Check out
http://www.stanford.edu/~dbrumley/Me/irc.txt for an article on IRC and
hackers (If you are a member of usenix, it was also in ;login recently).

Cheers,
david

On Wed, 12 Jan 2000, Jens Hektor wrote:


Hi,

is anybody out there who could explain to me why on nearly
every cracked machine I get in touch with the crackers
have installed IRC-bots, most of the time "eggdrop" ?

What practical use can taken by installing a bot on a cracked machine ?

Does it give any backdoors to the system (file access,
interactive access, monitoring, etc) ?

Is such a bot possibly part of a larger communication
infrastructure, maybe like the tfn/trinoo/stacheldraht
thingie  ?

In hope for clarification, irc-ignorant Jens Hektor



--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley () Stanford EDU
Phone: +1-650-723-2445    WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121    PGP: finger dbrumley-pgp () sunset Stanford EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
  Securing NT.  Insert Linux boot disk to continue......
            "I have opinions, my employer does not."
Previous By Date Next
Previous By Thread Next

Current thread: