Re: *MAJOR SECURITY BREACH AT CCBILL**

From: Dayne Jordan (djordanat_private)
Date: Wed Dec 19 2001 - 12:14:40 PST


    **UPDATE**
    
    Since we first broke this story, I have some further info...
    
    It appears that the entire process of ssh'ing/telnet'ing to
    the machine that they have userids/passwords for is an
    automated process, perhaps scripted from several sources.
    
    The automated script has been preloaded with a vast list
    of usernames/passwords and server addresses, and it systematically
    goes through the list and ftp's the eggdrop and TCL tar files
    to the user's directory. It then attempts to untar and configure
    both programs. If it's successful, it starts the eggdrop
    program and puts it onto the IRC channel at EFNet. If it's
    unsuccessful, then someone (human) visits the machine via ssh/telnet
    and compiles the failed eggdrop or TCL programs manually and
    launches the eggdrop.
    
    We've seen evidence of this on 2 other machines.
    
    D.
    ========
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
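
Added example, not part of the original message: one way to triage accounts for the sequence described above (eggdrop and TCL tarballs uploaded to a user's directory, then either an automatic start or a later interactive visit). The event format, host and account names, file names, and the 10-minute window are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, normalized events (not a real log format): time host account kind detail
SAMPLE_EVENTS = """\
2001-12-19T03:10:02 web1 alice login ssh
2001-12-19T03:10:09 web1 alice ftp_put eggdrop.tar.gz
2001-12-19T03:10:15 web1 alice ftp_put tcl.tar.gz
2001-12-19T03:11:40 web1 alice exec ./eggdrop
2001-12-19T09:05:00 web1 bob ftp_put site-backup.tar.gz
2001-12-19T04:00:00 web2 carol ftp_put eggdrop.tar.gz
2001-12-19T04:00:05 web2 carol ftp_put tcl.tar.gz
2001-12-19T06:30:00 web2 carol login telnet
"""

TARBALL = re.compile(r"^(eggdrop|tcl)[\w.\-]*\.tar(\.gz|\.Z)?$", re.I)
WINDOW = timedelta(minutes=10)  # assumed threshold, tune per site

def parse(text):
    for line in text.splitlines():
        if line.strip():
            ts, host, user, kind, detail = line.split(None, 4)
            yield datetime.fromisoformat(ts), host, user, kind, detail

def classify(text):
    """Map (host, account) -> finding for accounts that received both tarballs."""
    per_account = defaultdict(list)
    for ts, host, user, kind, detail in sorted(parse(text)):
        per_account[(host, user)].append((ts, kind, detail))
    findings = {}
    for key, events in per_account.items():
        uploads = {}  # program name -> time of first matching upload
        for ts, kind, detail in events:
            m = TARBALL.match(detail) if kind == "ftp_put" else None
            if m:
                uploads.setdefault(m.group(1).lower(), ts)
        if set(uploads) != {"eggdrop", "tcl"}:
            continue
        first, dropped = min(uploads.values()), max(uploads.values())
        if dropped - first > WINDOW:
            continue  # uploads too far apart to look like one scripted run
        started = any(k == "exec" and "eggdrop" in d and dropped <= t <= dropped + WINDOW
                      for t, k, d in events)
        revisit = any(k == "login" and t > dropped + WINDOW for t, k, d in events)
        findings[key] = ("bot_started" if started else
                         "manual_followup" if revisit else "tarballs_dropped")
    return findings
```

On the constructed sample, `classify(SAMPLE_EVENTS)` flags alice on web1 as `bot_started` and carol on web2 as `manual_followup`; bob's unrelated upload is ignored.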
    



    This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 12:41:34 PST