Security Incidents mailing list archives

RE: IRC DDoS bots


From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Fri, 14 Mar 2003 14:17:41 -0500

Johannes Ullrich wrote Friday, March 14, 2003 12:56
It's another mIRC based DDoS trojan that scans for NT-Password and IIS
unicode exploits.
So the next question is...  How do we go about apprehending the culprits?
Can we somehow get wxmail.net revoked?

IRC bots are a common plague. We do play 'whack the bot' once in a while
if we find out about it. So far, I have yet to see a case successfully
prosecuted.

One ray of hope:

The "TK worm" botnet was hit in a cooperation between U.S. and British
authorities. They arrested at least some of those responsible. The botnet was
not shut down by the arrests, but there was some forward progress. TK worm was
responsible for the ww.tk.gov queries that were common late last year. Like
most botnets, it did not make a lot of news but it owned at least 18K
computers and caused millions in damages.

TK worm is a classic botnet, but it does use a worm component for unattended
propagation.

Here's the news story of the bust:
http://www.theregister.co.uk/content/56/29221.html


