The Web    Google
6/14: Dansh.worm!irc an IRC Bot

6/14: Dansh.worm!irc an IRC Bot
June 14, 2004

W32/Dansh.worm!irc is an IRC bot that is intended to propagate via various mechanisms. Once running on the victim machine, the bot attempts to connect to a remote IRC server, and join a specific channel. Once connected, the bot is able to accept remote commands (via IRC) from the hacker(s). Such commands include:

--in order to propagate, the bot is able to scan IP ranges, looking for target machines. Vectors of propagation to these machines include:

  • poorly secured shares (targets IPC$ share)
  • MS04-011 vulnerability (CAN-2003-0533)
  • DcomRpc
  • MSSQL UDP vulnerability
  • open proxy on victim machine (http, socks)
  • download/execute remote file
  • open FTP server on victim machine

    Find out more at McAfee page.

  • Homeland Security Names First Privacy Czar
  • Virus Alert Activity Intensifies
  • Protecting Data While Protecting Your Job
  • Bagle Attack Picking up Speed
  • 5/11: Rbot-ACH Worm Spreads Via Shares
  • 8/17: Mydoom-T Copies Itself in Emails
  • 'Buffalo Spammer' Arrested
  • Interest In Intrusion Detection Boosts Security Spending
  • Bagle-BK Worm Downloads Code
  • Netsky-D Ranked as High Risk
  • A case study in security incident forensics and response.
  • Security Camera Companies and products