RE: Why attacker install irc after hacking?

After they (intruders) install their tools (Trojans, Rootkits etc) on
hacked box, then the usual way to create a Botnet (where your hacked box is
just one in thousands) is through IRC.

Every Bot notifies its Master of its existance through password protected
IRC channel. On the same IRC channel every bot recieves its orders, e.g.
Distributed Denial of Service Attack on victim, or execute any kind of
attack through owned box/boxes.

Goran



-----Original Message-----
From: Monty Ree [mailto:chulmin2@xxxxxxxxxxx]
Sent: Thursday, April 20, 2006 6:56 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Why attacker install irc after hacking?

Hello, all.

I have operated linux server for a long time.
and I have found that some irc(psybnc etc) related program was installed
after scan or hacking.

I can't understand
Why attackers installed and executed irc program?
Why attackers use irc after hacking?
Just chatting is not...I guess..


Thanks in advance.

_________________________________________________________________
전세계인이 함께하는 웹 메일 서비스인 MSN Hotmail을 만나 보세요.
http://loginnet.passport.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&lc
=1042



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Relevant Pages

  • RE: Why attacker install irc after hacking?
    ... Usually when the hack has installed some malware, it will report back to a specific IRC channel and wait for the owner to enter any commands. ... Why attacker install irc after hacking? ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: Low Resoures warning
    ... File, then rebooting, then set it to System Managed Size and reboot. ... That will allow you to download and install Spy ... shields that Spy Sweeper has, which is really for use AFTER you have been infected. ... fine for months, haven't installed anything crazy, yada yada yada. ...
    (microsoft.public.windowsxp.general)
  • Re: Why attacker install irc after hacking?
    ... given over IRC. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... See why so many companies trust Spy Sweeper Enterprise to ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: Why attacker install irc after hacking?
    ... Why attackers installed and executed irc program? ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... eradicate spyware from their networks. ... FREE 30-Day Trial of Spy Sweeper Enterprise ...
    (Security-Basics)
  • Re: MS Homepage and Anti-Spyware
    ... I don't have any Anti-Spyware installed, yet, but intend to install a ... copy of Spy Sweeper that was given to me for Father's Day. ... Try starting up in Safe Mode, Spysweeper shouldn't launch. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
Loading