Security Incidents mailing list archives

Re: IRC -> smtp worm?

From: H C <keydet89 () yahoo com>
Date: Wed, 18 Dec 2002 08:00:37 -0800 (PST)

Is anyone aware of some kind of IRC worm that uses
SMTP servers to act
as a spy client or something like that?


I'm not sure what you mean by this.  After all, why
would an IRC worm need SMTP capability?  If the worm
causes the compromise system to connect to an IRC
channel, why would SMTP capability be needed?

Not that i consider this a serious issue ( from the
server side of
course ), but I'm curious on what's causing this
behaviour.


If you really are curious as to what is causing this
behaviour, I would suggest that you go back to your
IDS and identify the specific systems from which this
traffic originates, and then investigate those
systems.    Since you say that this traffic has been
picked up by your IDS, it's just common sense that the
sources of the traffic should be investigated.  


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

IRC -> smtp worm? Joao Gouveia (Dec 18)
- Re: IRC -> smtp worm? Þórhallur Hálfdánarson (Dec 18)
- Re: IRC -> smtp worm? H C (Dec 18)
- Re: IRC -> smtp worm? Eric Chien (Dec 18)