> Its an irc bot that is used to do distributed DoS attacks. The > IRC channel acts command center for all the bots. You could sniff the > traffic and figure out how to pretend to be irc bot to get into the > channel. After that you can get IP/userinfo of person controlling > all the bots. It probably came in email that you opened in outlook. The majority of the boxes I find infected with such bots have vulnerable IIS instances or world writable shares -- In addition to mail, might want to check you patch levels and share permissions too. -Blake
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:07:29 PDT