[PLUG] More trojan info
Charlie Schluting
charlie at schluting.com
Tue Jun 24 10:30:02 UTC 2003
Stafford A. Rau wrote:
> * Charlie Schluting <charlie at schluting.com> [030624 09:50]:
>
>
>>Ya, port 6667 is IRC. So.. why are you using windows 98? And not even
>>behind a firewall?
>
>
> I'm using Win98 because my daughter and I both enjoy pc games that are
> not available on any non-Windows platform.
>
You misunderstood. I use windows too.. I was asking specifically about
win98.
> You obviously didn't comprehend the information I included about running
> tcpdump on the _firewall_. Perhaps you should read a little more
> carefully.
I Just didn't see the need to run tcpdump.
>>And talking about how your winders box got hacked on
>>a linux users group list?
>
> Why not? Particularly since I discussed using various Linux tools to
> examine what was going on. Did you happen to read this paragraph?
>
>>>>Doing a "strings" on that executable shows conclusively that this is a
>>>>DDOS tool. Here are some of the relevant lines, and I hope this is
>>>>interesting for you all and not too off topic.
I breezed past this paragraph. Once i saw port 6667, I started reading
faster since it was obviously an IRC bot. sorry :)
>>If you need to use windows.. at least install
>>a version that isn't wide open for anyone to 0wn you (like 2k or XP ...
>>but you still have to configure properly).
>
> Mmmmm...yeah...thanks for the expert advice.
Well.. you needed some type of advice. Its obvious that a script kiddy
was able to walk all over you.
--Charlie
More information about the PLUG
mailing list