Full Version: Viruses using irc ...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I just found one by mistake on an old computer of mine. I am now writting from it.

Basically, what I found is this: in C:\Users\XXX\AppData\Roaming

Basically, the virus uses irc to ... log in in a password protected channel. Interesting .

What do you think ?
I didn't click that link, but I'm starting to wonder if this logs into a password protected channel, if some other CTF group is the sole owner of this "virus" and it retrieves IRC logs from your computer to post them in that channel? lol

A virus that logs into a passworded IRC channel, seems odd by itself. I know you guys use IRC though for your meetings.

Quote:I am now writting from it.

What do you mean?
From that computer ...

EDIT: It isn't related with CTF. I use this computer for other thing. But it uses irc to see when I turn on my computer and the application is running so he can connect to it. Clever :)
Infected by a guy running an IRC Botnet maybe? I don't know
PASS serverpass

NICK [AUT|XP|ifbgkxy]

USER lcczz "" "lol" :lcczz NOTICE AUTH :*** Looking up your hostname... NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead

PING :B11519A0

PONG :B11519A0 001 [AUT|XP|ifbgkxy] :Welcome to the UnderNet IRC IRC Network [AUT|XP|ifbgkxy]!lcczz@ 002 [AUT|XP|ifbgkxy] :Your host is, running version Unreal3.2.10 003 [AUT|XP|ifbgkxy] :This server was created Fri Jan 11 2013 at 06:47:35 MSK 004 [AUT|XP|ifbgkxy] Unreal3.2.10 iowghraAsORTVSxNCWqBzvdHtGpI lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGjZ 005 [AUT|XP|ifbgkxy] CMDS=KNOCK,MAP,DCCALLOW,USERIP,STARTTLS UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=30 CHANLIMIT=#:30 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 :are supported by this server 005 [AUT|XP|ifbgkxy] MAXTARGETS=20 WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTGZ NETWORK=UnderNet-IRC CASEMAPPING=ascii EXTBAN=~,qjncrRa ELIST=MNUCT :are supported by this server 005 [AUT|XP|ifbgkxy] STATUSMSG=~&@%+ EXCEPTS INVEX :are supported by this server 251 [AUT|XP|ifbgkxy] :There are 1 users and 2127 invisible on 1 servers 253 [AUT|XP|ifbgkxy] 5 :unknown connection(s) 254 [AUT|XP|ifbgkxy] 8 :channels formed 255 [AUT|XP|ifbgkxy] :I have 2128 clients and 0 servers 265 [AUT|XP|ifbgkxy] 2128 3461 :Current local users 2128, max 3461 266 [AUT|XP|ifbgkxy] 2128 3461 :Current global users 2128, max 3461 422 [AUT|XP|ifbgkxy] :MOTD File is missing

:[AUT|XP|ifbgkxy] MODE [AUT|XP|ifbgkxy] :+iwRxG

JOIN #BrEnK lorzo819383

:[AUT|XP|ifbgkxy]!lcczz@36ED2F95.F79E30AE.A507ADBD.IP JOIN :#BrEnK 353 [AUT|XP|ifbgkxy] @ #BrEnK :[AUT|XP|ifbgkxy] @BrEnKeR 366 [AUT|XP|ifbgkxy] #BrEnK :End of /NAMES list.