TechLifeForum

Full Version: Viruses using irc ...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I just found one by mistake on an old computer of mine. I am now writting from it.

Basically, what I found is this: http://anubis.iseclab.org/?action=result...call=first in C:\Users\XXX\AppData\Roaming

Basically, the virus uses irc to ... log in in a password protected channel. Interesting .

What do you think ?
I didn't click that link, but I'm starting to wonder if this logs into a password protected channel, if some other CTF group is the sole owner of this "virus" and it retrieves IRC logs from your computer to post them in that channel? lol

A virus that logs into a passworded IRC channel, seems odd by itself. I know you guys use IRC though for your meetings.

edit:
Quote:I am now writting from it.

What do you mean?
From that computer ...

EDIT: It isn't related with CTF. I use this computer for other thing. But it uses irc to see when I turn on my computer and the application is running so he can connect to it. Clever :)
Infected by a guy running an IRC Botnet maybe? I don't know
Code:
PASS serverpass

NICK [AUT|XP|ifbgkxy]

USER lcczz "" "lol" :lcczz

:irc.undernet.org NOTICE AUTH :*** Looking up your hostname...

:irc.undernet.org NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead

PING :B11519A0

PONG :B11519A0

:irc.undernet.org 001 [AUT|XP|ifbgkxy] :Welcome to the UnderNet IRC IRC Network [AUT|XP|ifbgkxy]!lcczz@64.31.35.134

:irc.undernet.org 002 [AUT|XP|ifbgkxy] :Your host is irc.undernet.org, running version Unreal3.2.10

:irc.undernet.org 003 [AUT|XP|ifbgkxy] :This server was created Fri Jan 11 2013 at 06:47:35 MSK

:irc.undernet.org 004 [AUT|XP|ifbgkxy] irc.undernet.org Unreal3.2.10 iowghraAsORTVSxNCWqBzvdHtGpI lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGjZ

:irc.undernet.org 005 [AUT|XP|ifbgkxy] CMDS=KNOCK,MAP,DCCALLOW,USERIP,STARTTLS UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=30 CHANLIMIT=#:30 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 :are supported by this server

:irc.undernet.org 005 [AUT|XP|ifbgkxy] MAXTARGETS=20 WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTGZ NETWORK=UnderNet-IRC CASEMAPPING=ascii EXTBAN=~,qjncrRa ELIST=MNUCT :are supported by this server

:irc.undernet.org 005 [AUT|XP|ifbgkxy] STATUSMSG=~&@%+ EXCEPTS INVEX :are supported by this server

:irc.undernet.org 251 [AUT|XP|ifbgkxy] :There are 1 users and 2127 invisible on 1 servers

:irc.undernet.org 253 [AUT|XP|ifbgkxy] 5 :unknown connection(s)

:irc.undernet.org 254 [AUT|XP|ifbgkxy] 8 :channels formed

:irc.undernet.org 255 [AUT|XP|ifbgkxy] :I have 2128 clients and 0 servers

:irc.undernet.org 265 [AUT|XP|ifbgkxy] 2128 3461 :Current local users 2128, max 3461

:irc.undernet.org 266 [AUT|XP|ifbgkxy] 2128 3461 :Current global users 2128, max 3461

:irc.undernet.org 422 [AUT|XP|ifbgkxy] :MOTD File is missing

:[AUT|XP|ifbgkxy] MODE [AUT|XP|ifbgkxy] :+iwRxG

JOIN #BrEnK lorzo819383

:[AUT|XP|ifbgkxy]!lcczz@36ED2F95.F79E30AE.A507ADBD.IP JOIN :#BrEnK

:irc.undernet.org 353 [AUT|XP|ifbgkxy] @ #BrEnK :[AUT|XP|ifbgkxy] @BrEnKeR

:irc.undernet.org 366 [AUT|XP|ifbgkxy] #BrEnK :End of /NAMES list.

PING :irc.undernet.org

PONG :irc.undernet.org

PING :irc.undernet.org

PONG :irc.undernet.org