Re: Suspicious joe.exe

From: Blake Frantz (blakeat_private)
Date: Thu Aug 02 2001 - 10:11:46 PDT

  • Next message: John Thornton: "Remote DoS for pcAnywhere 9.2"

    > Its an irc bot that is used to do distributed DoS attacks. The
    > IRC channel acts command center for all the bots. You could sniff the
    > traffic and figure out how to pretend to be irc bot to get into the
    > channel. After that you can get IP/userinfo of person controlling
    > all the bots. It probably came in email that you opened in outlook.
    
    The majority of the boxes I find infected with such bots have vulnerable
    IIS instances or world writable shares -- In addition to mail, might want
    to check you patch levels and share permissions too.
    
    -Blake
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:07:29 PDT