Re: Trojan? DDOS Bot?

From: Dragos Ruiu (dr@kyx.net)
Date: 08/27/02

• Previous message: Erik Sperling Johansen: "Re: Trojan? DDOS Bot?"
• In reply to: Janus@etoast.com: "Trojan? DDOS Bot?"
• Next in thread: Michael J McCafferty: "Re: Trojan? DDOS Bot?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Dragos Ruiu <dr@kyx.net>
To: <Janus@etoast.com>, incidents@securityfocus.com
Date: Tue, 27 Aug 2002 11:39:44 +0000

On August 27, 2002 08:22 am, Janus@etoast.com wrote:
> I recogniced some weird connections from my box (w98)
> to other computers. As soon as i connect to the
> internet a connection from local port 1026 to port 6667
> on 65.185.135.125 was established. I connected to that
> server and it is an irc server (MusIRC Internet Relay
> Chat Network). I found a bot using my adress with a
> random name made up of letters.

0wn4g3 details ommitted...

> I couldnt find a freeware tool to find out which
> process is using this specific irc connection, nor did
> a scan with f-prot or housecall or panda reveal any
> viral or trojan activity.
>
> Any help or info would be really appreciated. Thanks in
> advance
>

lsof will be your friend on unixes:-)
(LS Open Files)

For MS products as I assume you are using
from the MIRC usage, check out the excellent tools
the folks at www.sysinternals.com put out.
(My thanks to them if they are reading
for they are truly useful to me...)

There was another lsof like tool for windows
called "inzider" you might want to look at too...

cheers,
--dr

-- 
dr@kyx.net   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

---

• Previous message: Erik Sperling Johansen: "Re: Trojan? DDOS Bot?"
• In reply to: Janus@etoast.com: "Trojan? DDOS Bot?"
• Next in thread: Michael J McCafferty: "Re: Trojan? DDOS Bot?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Wireless Internet and wireless network ... Wireless Internet is the answer ... group of computers, it also gives flexibility to share single internet ... connection, work files, images, spreadsheets and documents, If you are ... How WLANs Work? ... (comp.security.firewalls) Re: Sharing a wireless connection with other computers ... I have 3 computers, one has a wireless internet card, the ... What I am trying to do is share the internet connection ... (microsoft.public.windowsxp.network_web) Re: Wireless Laptop connections dropping intermittently ... trying to type my response in, because my connection keeps dropping. ... You state that the Internet drops but you are connected. ... problem but that the Connection is lost between the computer and the Router. ... and see how the computers behave under such conditions. ... (microsoft.public.windows.vista.networking_sharing) Re: No Sharing Button After Installing Internet Connection Sharing ... button is missing from the Internet Options dialog box. ... connection that I want to share with another Windows XP computer. ... Right-click your dial-up connection. ... To connect the computers using a router, ... (microsoft.public.windowsxp.network_web) Re: Windows Networking Problem caused by ICS? ... And all the computers have ... "Internet Gateway Device Discovery and Control Client" installed. ... connection in "Network Connections." ... (microsoft.public.windowsxp.network_web)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > incidents  > 2002-08