[unisog] IRC bot outbreaks

Wells, Cary cary.wells at ualberta.ca
Wed Jul 24 21:15:03 GMT 2002


We got tagged a while ago with the non admin passworded NT/2000 machines;
they got backdoored and had IRC bots stuck on them.  I mostly just went and
deleted the 2 directories and killed the service.  I also did a mass sweep
of our directory and put passwords on anyone's machines that didn't have one
and waited for them to call me and ask why they couldn't log in anymore, then
I educated them on passwords.  Sometimes just for fun I told them they got
hacked and lost everything but I usually only let that go for 5 minutes or
so.

> -----Original Message-----
> From: Robert Dormer [mailto:rdormer at pobox.upenn.edu]
> Sent: Wednesday, July 24, 2002 12:29 PM
> To: unisog at sans.org
> Subject: [unisog] IRC bot outbreaks
> 
> 
> Hello all,
> 
> I'm just curious to know - what experiences have you all had
> with backdoor trojans like netbus and subseven, and remote
> controlled IRC bots?  Specifically, have any of you suffered from
> large outbreaks of them, and if you did, how did you go about
> containing them and educating users and other administrators
> about them?
> 
> 
> Regards,
> Robert Dormer
> 
> 
> 
> 


