Steve Bernard sbernard at gmu.edu
Mon Aug 18 17:35:53 GMT 2003

We are finding a lot of Microsoft boxes which are trying to join the IRC
channel #rpcwhore, but that show no other outward signs of compromise or
vulnerability. So far, all connection attempts have been to either or I can't find any mention of "rpcwhore" via
Google, Yahoo, etc.. Given that these boxes aren't being used for warez or
the like I am assuming that they are DDoS agents. I haven't gotten a box to
analyze yet. Has anyone else seen this before?


Steve Bernard
Sr. Systems Engineer, NET
George Mason University
Fairfax, Virginia

More information about the unisog mailing list