Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Internet Wide DOS Attack using IRC
From: boldi () BUDAPEST HU (Bencsath Boldizsar)
Date: Sat, 3 Oct 1998 00:40:39 +0200


So, we can declare, that this should be a BACK ORIFICE attack, which is
often distributed on ICQ & IRC as a game, or something like that.
BO has several feautres, like plugins, which can be used to notify the
"owner,distributor" of the "BO server" about the new ip number of the
If the distributor is using defaults, e.g. no password set, and port 31337
is used, then the unix client can be used to inform the user by a system
dialogbox about the attack, but - it is funny- most people think it's a
joke, that his machine is open, or they think, if they get this message,
that someone tries to attack their computer by this fake news..

Anyway, it's true, there is a (or more?) bo "remover" tool, which doesn't
removes bo, just puts on another port..

So with the default install, it is also possible to get out the users'
email from their registry file, like Blizzard did it some times ago, and
then write some serious email about the removal of this tool.

But, it's not easy to do this, if a password is set on the client. And the
distribution is another problem: If someone will put BO in some install
packages of true softwares, which can be distributed by anything, CD in a
magazine, or by the internet - this will infect many many computers. And
even virus scanners are not used by everyone.

And this is the point when Microsoft made serious mistakes. Write software
for everybody, which is so easy to manage, that you don't need anybody's
help, and so you don't need to know anything about your computer? The the
dialup resellers: They don't say You: Hey, You are in some kind of risk,
if you are connected.
So, many many people don't want to know anything about their computer, and
this is a big trap.

And if we found solutions for BO, anything like disabling in routers, ...,
there is still chance, that anybody else can write programs like that.
Smarter ones.

All I can say , that it's far more important to let the people know about
this kind of attack, than it was by the first virii of the pc.
Imagine a big company with a bad intranet, and a silly secretary who gets
this file, and some secrets of the company is landing at the other
company's side..

Bencsath Boldizsar
boldi () inf bme hu boldi () rulez org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]