Security Incidents mailing list archives
Re: IRC-bots: what are they for ?
From: dbrumley () RTFM STANFORD EDU (David Brumley)
Date: Wed, 12 Jan 2000 13:08:18 -0800
Check out http://www.stanford.edu/~dbrumley/Me/irc.txt for an article on IRC and hackers (If you are a member of usenix, it was also in ;login recently). Cheers, david On Wed, 12 Jan 2000, Jens Hektor wrote:
Hi, is anybody out there who could explain to me why on nearly every cracked machine I get in touch with the crackers have installed IRC-bots, most of the time "eggdrop" ? What practical use can taken by installing a bot on a cracked machine ? Does it give any backdoors to the system (file access, interactive access, monitoring, etc) ? Is such a bot possibly part of a larger communication infrastructure, maybe like the tfn/trinoo/stacheldraht thingie ? In hope for clarification, irc-ignorant Jens Hektor
-- #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# David Brumley - Stanford Computer Security - dbrumley () Stanford EDU Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley Fax: +1-650-725-9121 PGP: finger dbrumley-pgp () sunset Stanford EDU #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# c:\winnt> secure_nt.exe Securing NT. Insert Linux boot disk to continue...... "I have opinions, my employer does not."
Current thread:
- Re: Port 4, (continued)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Philipp Buehler (Jan 11)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)
- Re: Port 4 Boris Badenov (Jan 11)
- IRC-bots: what are they for ? Jens Hektor (Jan 12)
- Re: IRC-bots: what are they for ? Jon Paul, Nollmann (Jan 12)
- Re: IRC-bots: what are they for ? SecOrg (Jan 12)
- Re: IRC-bots: what are they for ? Ninja Information Systems. (Jan 12)
- Re: IRC-bots: what are they for ? Jens Hjalmarsson (Jan 12)
- Re: IRC-bots: what are they for ? tyler (Jan 12)
- Re: IRC-bots: what are they for ? David Brumley (Jan 12)
- Re: IRC-bots: what are they for ? The Undernet Bonk (Jan 12)
- Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz (Jan 12)
- Strange behaviour Belgarion of Riva (Jan 13)
- Re: Strange behaviour Richard Bejtlich (Jan 15)
- UDP probing [ trojan? ] mabrown () SECUREPIPE COM (Jan 17)
- Re: UDP probing [ trojan? ] Jose Nazario (Jan 18)
- Probe from UK Provider ? Duarte Cordeiro (Jan 18)
- Re: Probe from UK Provider ? Pauline van Winsen (Jan 19)
- Re: Probe from UK Provider ? Arrigo Triulzi (Jan 20)
- Re: Probe from UK Provider ? Gene Harris (Jan 20)
- Re: Port 4 Sean Sosik-Hamor (Jan 11)