[unisog] Infected windows boxes with IRC controlled trojans onthem
flynngn at jmu.edu
Thu Apr 11 13:06:14 GMT 2002
Allen Chang wrote:
> I'm not too savvy with IRC but it probably isn't too hard to jump in the
> IRC channel that is used for the gtbot control and watch the botmaster
> control and possibly trace the IP even.
Ideally, I would think it would be more desirable to notify law enforcement
of the channel so they can set up a "sting" operation and wait for the
controller to connect. Granted, the controller is likely using a compromised
computer and law enforcement will likely have to backtrack but ultimately
its really law enforcement that is going to have to take this thing by the
handle and track down the culprits if we're ever to stop this random vandalism.
Cutting off ISP accounts isn't much of a deterrent.
Security Engineer - Technical Services
James Madison University
More information about the unisog