Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: Suspicious joe.exe

Re: Suspicious joe.exe

From: Blake Frantz <blake_at_mc.net>
Date: Thu, 2 Aug 2001 12:11:46 -0500 (CDT)

> Its an irc bot that is used to do distributed DoS attacks. The
> IRC channel acts command center for all the bots. You could sniff the
> traffic and figure out how to pretend to be irc bot to get into the
> channel. After that you can get IP/userinfo of person controlling
> all the bots. It probably came in email that you opened in outlook.

The majority of the boxes I find infected with such bots have vulnerable
IIS instances or world writable shares -- In addition to mail, might want
to check you patch levels and share permissions too.

-Blake
Received on Aug 02 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos