Vulnerability Development
mailing list archives
Re: Suspicious joe.exe
From: Blake Frantz <blake () mc net>
Date: Thu, 2 Aug 2001 12:11:46 -0500 (CDT)
It's an IRC bot that is used to do distributed DoS attacks. The
IRC channel acts as command center for all the bots. You could sniff the
traffic and figure out how to pretend to be an IRC bot to get into the
channel. After that you can get IP/userinfo of the person controlling
all the bots. It probably came in email that you opened in Outlook.
The majority of the boxes I find infected with such bots have vulnerable
IIS instances or world-writable shares -- in addition to mail, might want
to check your patch levels and share permissions too.
-Blake