[Intrusions] IRC bot on MacOS

Roger Roberts roger.roberts at gmail.com
Sat Apr 23 12:34:22 GMT 2005


Andrew,

Not sure if you have looked for files that were
Modified/Accessed/Created in the similar time frame as the psybnc. 
This would possibly give you some idea if there are other files that
are associated/installed.

Also, if the hard drive can be mounted from another OS like Linux, that
would be another good way to see if there are other files that may be
hidden by the Mac OS. I am pretty sure a dd would work for an image
creation even if it is live/running, since Mac is based on BSD.


RWR


On 4/22/05, Benjamin Koch <BK-D at gmx.de> wrote:
> Hello Donald,
> 
> The program called "psybnc" is an IRC bouncer - also known as an
> "IRC proxy".
> It is only for hiding the original IP address of the user connected to
> the IRC network, keep a channel or the user IRC modes.
> It is also useful because it is like an "answerphone" for offline
> users.
> 
> It contains no malicious code - I use it too (for security reasons...)
> 
> The only matter to be suspicious to this kind of program is:
> You or another friendly person with local/ssh access didn't install it.
> Maybe it is an intruder's work to use your MAC sys as a proxy for
> maybe a Botnet controlling channel.
> 
> Best solution is to check if this is installed by a friend or
> intruder.
> See the psybnc.conf in the installed directory for more information:
> Login data, network and channel names where the bouncer is active are saved
> there.
> 
> I hope I could help you
> 
> --
> Best regards,
>  Benjamin                            mailto:BK-D at gmx.de
>
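
One way to carry out the timestamp check suggested in the message above, as an added example that is not part of the original thread: it lists every file whose modified, accessed, changed or (on BSD/macOS) created time lies within a window of a reference file's modification time. The function names, the one-hour default window and the command-line arguments are assumptions for illustration; running it against a read-only mounted image keeps the scan itself from updating access times.

```python
import os
from datetime import datetime, timezone

def file_times(st):
    """Return the timestamps worth pivoting on for one lstat() result."""
    times = {"modified": st.st_mtime, "accessed": st.st_atime,
             "changed": st.st_ctime}
    # BSD/macOS expose the creation time as st_birthtime; Linux does not.
    birth = getattr(st, "st_birthtime", None)
    if birth is not None:
        times["created"] = birth
    return times

def files_near(reference, root, window_seconds=3600):
    """List entries under root with any timestamp within window_seconds of
    the reference file's modification time, earliest match first."""
    pivot = os.lstat(reference).st_mtime
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: do not follow symlinks
            except OSError:
                continue              # vanished or unreadable entry
            near = {kind: t for kind, t in file_times(st).items()
                    if abs(t - pivot) <= window_seconds}
            if near:
                hits.append((min(near.values()), path, sorted(near)))
    hits.sort()
    return [(datetime.fromtimestamp(t, timezone.utc).isoformat(), p, kinds)
            for t, p, kinds in hits]

if __name__ == "__main__":
    import sys
    # Hypothetical usage: script.py <reference file> <root of mounted image>
    for when, path, kinds in files_near(sys.argv[1], sys.argv[2]):
        print(when, ",".join(kinds), path)
```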



