[unisog] IRC bot outbreaks

Chris Stoermer stoermer at unt.edu
Thu Jul 25 19:22:58 GMT 2002


We have had a small handful of these.  All were running from winnt\config.  We don't have a definite exploit method, but we have a couple of theories...all dealing with Windows Networking.  Our procedure in all cases was to image the exploited machine so we can peruse at will and then rebuild.

We also do periodic sweeps to snoop for known exploit services.

--Chris

>>> Robert Dormer <rdormer at pobox.upenn.edu> 07/24/02 01:29PM >>>
Hello all,

I'm just curious to know - what experiences have you all had
with backdoor trojans like netbus and subseven, and remote
controlled IRC bots?  Specifically, have any of you suffered from
large outbreaks of them, and if you did, how did you go about
containing them and educating users and other administrators
about them?


Regards,
Robert Dormer






