Vulnerability Development mailing list archives
Re: Suspicious joe.exe
From: Blake Frantz <blake () mc net>
Date: Thu, 2 Aug 2001 12:11:46 -0500 (CDT)
Its an irc bot that is used to do distributed DoS attacks. The IRC channel acts command center for all the bots. You could sniff the traffic and figure out how to pretend to be irc bot to get into the channel. After that you can get IP/userinfo of person controlling all the bots. It probably came in email that you opened in outlook.
The majority of the boxes I find infected with such bots have vulnerable IIS instances or world writable shares -- In addition to mail, might want to check you patch levels and share permissions too. -Blake
Current thread:
- Suspicious joe.exe Reb (Aug 01)
- Re: Suspicious joe.exe Rikul (Aug 02)
- Re: Suspicious joe.exe Blake Frantz (Aug 02)
- Re: Suspicious joe.exe Felix Huber (Aug 02)
- Re: Suspicious joe.exe Josh Smith (Aug 02)
- RE: Suspicious joe.exe Haul (Aug 02)
- RE: Suspicious joe.exe Reb (Aug 02)
- <Possible follow-ups>
- RE: Suspicious joe.exe Petruzel, Oliver (Aug 02)
- RE: Suspicious joe.exe Reb (Aug 02)
- RE: Suspicious joe.exe Mark L'Italien (Aug 02)
- RE: Suspicious joe.exe Bo Stark (Aug 02)
- Re[2]: Suspicious joe.exe Greg Wirth (Aug 03)
- RE: Suspicious joe.exe Mark L'Italien (Aug 02)
- RE: Suspicious joe.exe Haul (Aug 02)
- Re: Suspicious joe.exe Rikul (Aug 02)