Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why attacker install irc after hacking?

From: Michal Mlotek <mlotek () foobar pl>
Date: Thu, 20 Apr 2006 23:10:14 +0200 (CEST)


On Thu, 20 Apr 2006, Monty Ree wrote:


Hello, all.

I have operated linux server for a long time.
and I have found that some irc(psybnc etc) related program was installed after scan or hacking. 

I can't understand Why attackers installed and executed irc program?
Why attackers use irc after hacking?
Just chatting is not...I guess..
You're close. IRC in this case is a way for controlling hacked system. It is more simple to control many such systems via IRC than to connect each one. When you have a group of systems listening for commands you do not have to burden yourself with giving commands separatedly, no need for checking how many systems has been repaired etc. You just control one IRC channel.
Of course it is possible to do that another way, but why bother if you have ready tool in your grasp 


Thanks in advance.

You're welcome.

--
Michal Mlotek
All my opinions are my opinions.

-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. 
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: