Viruses using irc ...

02-12-2013, 03:58 PM #1
Florin
Junior Member
Team Reboot
Posts: 456 Threads:71 Joined: Dec 2011 Reputation: 14

Viruses using irc ...
I just found one by mistake on an old computer of mine. I am now writing from it.

Basically, what I found is this: http://anubis.iseclab.org/?action=result...call=first in C:\Users\XXX\AppData\Roaming

Basically, the virus uses IRC to ... log in to a password-protected channel. Interesting.

What do you think?

02-12-2013, 04:03 PM #2
AceInfinity
Developer
*******
Administrators
Posts: 9,733 Threads:1,026 Joined: Jun 2011 Reputation: 76

RE: Viruses using irc ...
I didn't click that link, but I'm starting to wonder if this logs into a password protected channel, if some other CTF group is the sole owner of this "virus" and it retrieves IRC logs from your computer to post them in that channel? lol

A virus that logs into a passworded IRC channel, seems odd by itself. I know you guys use IRC though for your meetings.

edit:
Quote: I am now writing from it.

What do you mean?
This post was last modified: 02-12-2013, 04:11 PM by AceInfinity.


Microsoft MVP .NET Programming - (2012 - Present)
®Crestron DMC-T Certified Automation Programmer

Development Site: aceinfinity.net

 ▲
 ▲ ▲

02-12-2013, 04:41 PM #3
Florin
Junior Member
Team Reboot
Posts: 456 Threads:71 Joined: Dec 2011 Reputation: 14

RE: Viruses using irc ...
From that computer ...

EDIT: It isn't related to CTF. I use this computer for other things. But it uses IRC to see when I turn on my computer and the application is running so he can connect to it. Clever :)
This post was last modified: 02-12-2013, 04:44 PM by Florin.

02-12-2013, 10:55 PM #4
Predator
Staff
*****
Moderators
Posts: 2,488 Threads:427 Joined: Jun 2011 Reputation: 11

RE: Viruses using irc ...
Infected by a guy running an IRC Botnet maybe? I don't know


02-13-2013, 01:56 PM #5
Florin
Junior Member
Team Reboot
Posts: 456 Threads:71 Joined: Dec 2011 Reputation: 14

RE: Viruses using irc ...
Code:
PASS serverpass

NICK [AUT|XP|ifbgkxy]

USER lcczz "" "lol" :lcczz

:irc.undernet.org NOTICE AUTH :*** Looking up your hostname...

:irc.undernet.org NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead

PING :B11519A0

PONG :B11519A0

:irc.undernet.org 001 [AUT|XP|ifbgkxy] :Welcome to the UnderNet IRC IRC Network [AUT|XP|ifbgkxy]!lcczz@64.31.35.134

:irc.undernet.org 002 [AUT|XP|ifbgkxy] :Your host is irc.undernet.org, running version Unreal3.2.10

:irc.undernet.org 003 [AUT|XP|ifbgkxy] :This server was created Fri Jan 11 2013 at 06:47:35 MSK

:irc.undernet.org 004 [AUT|XP|ifbgkxy] irc.undernet.org Unreal3.2.10 iowghraAsORTVSxNCWqBzvdHtGpI lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGjZ

:irc.undernet.org 005 [AUT|XP|ifbgkxy] CMDS=KNOCK,MAP,DCCALLOW,USERIP,STARTTLS UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=30 CHANLIMIT=#:30 MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 :are supported by this server

:irc.undernet.org 005 [AUT|XP|ifbgkxy] MAXTARGETS=20 WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTGZ NETWORK=UnderNet-IRC CASEMAPPING=ascii EXTBAN=~,qjncrRa ELIST=MNUCT :are supported by this server

:irc.undernet.org 005 [AUT|XP|ifbgkxy] STATUSMSG=~&@%+ EXCEPTS INVEX :are supported by this server

:irc.undernet.org 251 [AUT|XP|ifbgkxy] :There are 1 users and 2127 invisible on 1 servers

:irc.undernet.org 253 [AUT|XP|ifbgkxy] 5 :unknown connection(s)

:irc.undernet.org 254 [AUT|XP|ifbgkxy] 8 :channels formed

:irc.undernet.org 255 [AUT|XP|ifbgkxy] :I have 2128 clients and 0 servers

:irc.undernet.org 265 [AUT|XP|ifbgkxy] 2128 3461 :Current local users 2128, max 3461

:irc.undernet.org 266 [AUT|XP|ifbgkxy] 2128 3461 :Current global users 2128, max 3461

:irc.undernet.org 422 [AUT|XP|ifbgkxy] :MOTD File is missing

:[AUT|XP|ifbgkxy] MODE [AUT|XP|ifbgkxy] :+iwRxG

JOIN #BrEnK lorzo819383

:[AUT|XP|ifbgkxy]!lcczz@36ED2F95.F79E30AE.A507ADBD.IP JOIN :#BrEnK

:irc.undernet.org 353 [AUT|XP|ifbgkxy] @ #BrEnK :[AUT|XP|ifbgkxy] @BrEnKeR

:irc.undernet.org 366 [AUT|XP|ifbgkxy] #BrEnK :End of /NAMES list.

PING :irc.undernet.org

PONG :irc.undernet.org

PING :irc.undernet.org

PONG :irc.undernet.org
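
A triage sketch for the capture in post #5, added here as an example and not part of the original thread: it parses the IRC lines and flags the client-side traits visible in that log (a server PASS, a templated nick, a JOIN carrying a channel key) plus the channel head count from the NAMES reply. The function names and the nick regex are assumptions modelled on this one capture.

```python
import re

# Constructed sample: a subset of lines copied from the capture in post #5.
CAPTURE = '''\
PASS serverpass
NICK [AUT|XP|ifbgkxy]
USER lcczz "" "lol" :lcczz
PING :B11519A0
PONG :B11519A0
:irc.undernet.org 422 [AUT|XP|ifbgkxy] :MOTD File is missing
JOIN #BrEnK lorzo819383
:irc.undernet.org 353 [AUT|XP|ifbgkxy] @ #BrEnK :[AUT|XP|ifbgkxy] @BrEnKeR
'''
# Constructed control: an ordinary client registering and joining an open channel.
BENIGN = "NICK alice\nUSER alice 0 * :Alice\nJOIN #python\n"

# Assumption: nicks shaped like the one in the capture, [TAG|TAG|random-lowercase].
BOT_NICK = re.compile(r"^\[[A-Z]{2,3}\|[A-Za-z0-9]+\|[a-z]{4,}\]$")

def parse(line):
    """Split one IRC line into (prefix, command, params) using RFC 1459 framing."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:
        parts.append(trailing)  # the trailing parameter may contain spaces
    return prefix, parts[0].upper(), parts[1:]

def triage(capture):
    """Return the indicators found in a captured IRC session, keyed by name."""
    hits = {}
    for raw in capture.splitlines():
        if not raw.strip():
            continue  # the forum paste is double-spaced
        prefix, cmd, params = parse(raw.strip())
        if prefix is None and cmd == "PASS" and params:
            hits["server_password"] = True
        elif prefix is None and cmd == "NICK" and params and BOT_NICK.match(params[0]):
            hits["templated_nick"] = params[0]
        elif prefix is None and cmd == "JOIN" and len(params) >= 2:
            hits["keyed_join"] = params[0]  # record the channel, not the key
        elif cmd == "353" and len(params) >= 4:
            hits["channel_members"] = len(params[-1].split())
    return hits

if __name__ == "__main__":
    print(triage(CAPTURE))
```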



