[unisog] Infected windows boxes with IRC controlled trojans onthem

Gary Flynn flynngn at jmu.edu
Thu Apr 11 13:06:14 GMT 2002


Allen Chang wrote:
> 
> I'm not too savvy with IRC but it probably isn't too hard to jump in the
> IRC channel that is used for the gtbot control and watch the botmaster
> control and possibly trace the IP even.

Ideally, I would think it would be more desirable to notify law enforcement 
of the channel so they can set up a "sting" operation and wait for the 
controller to connect. Granted, the controller is likely using a compromised 
computer and law enforcement will likely have to backtrack but ultimately 
its really law enforcement that is going to have to take this thing by the 
handle and track down the culprits if we're ever to stop this random vandalism. 
Cutting off ISP accounts isn't much of a deterrent.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list