[unisog] irc bots

Allen Chang allen at rescomp.berkeley.edu
Thu Apr 25 00:26:05 GMT 2002


This appears to be quite common recently. Try searching back for
"Coordinated Scan" and "Infected Windows Boxes with IRC Controlled
Trojans". At the residence halls at UC Berkeley, it appears to be a
darkIRC + gtbot compromise through null Administrator passwords on Windows
2k. Since the attacker has been opening the same port(46682) on the
compromised computers, we are considering scanning our networks for ips
with that port open.

@llen
Network Security
Residential Computing
UC Berkeley

On Wed, 24 Apr 2002, Robert Dormer wrote:

> Hello all,
>
> Here at the University of Pennsylvania, we've recently had
> a couple of outbreaks of machines compromised by IRC
> bots - trinoo, shaft, GTBot and their ilk.  Anyone else out
> there in unisog land having the same sorts of problems?
> What have you all run into when dealing with these things?
>
>
> Regards,
> Robert Dormer
>
> =============
> Information Security - University of Pennsylvania
> phone: (215) 573 - 4574
> email: rdormer at isc.upenn.edu
> security: security at isc.upenn.edu
>





More information about the unisog mailing list