[PLUG] More trojan info

Charlie Schluting charlie at schluting.com
Tue Jun 24 10:30:02 UTC 2003


Stafford A. Rau wrote:
> * Charlie Schluting <charlie at schluting.com> [030624 09:50]:
> 
> 
>>Ya, port 6667 is IRC. So.. why are you using windows 98? And not even 
>>behind a firewall?
> 
> 
> I'm using Win98 because my daughter and I both enjoy pc games that are
> not available on any non-Windows platform.
>

You misunderstood. I use windows too.. I was asking specifically about 
win98.

> You obviously didn't comprehend the information I included about running
> tcpdump on the _firewall_. Perhaps you should read a little more
> carefully.

I Just didn't see the need to run tcpdump.

>>And talking about how your winders box got hacked on 
>>a linux users group list?
> 
> Why not? Particularly since I discussed using various Linux tools to
> examine what was going on. Did you happen to read this paragraph?
> 
>>>>Doing a "strings" on that executable shows conclusively that this is a
>>>>DDOS tool. Here are some of the relevant lines, and I hope this is
>>>>interesting for you all and not too off topic.

I breezed past this paragraph. Once i saw port 6667, I started reading 
faster since it was obviously an IRC bot. sorry :)

>>If you need to use windows.. at least install 
>>a version that isn't wide open for anyone to 0wn you (like 2k or XP ... 
>>but you still have to configure properly).
> 
> Mmmmm...yeah...thanks for the expert advice.

Well.. you needed some type of advice. Its obvious that a script kiddy 
was able to walk all over you.

--Charlie





More information about the PLUG mailing list