6/14: Dansh.worm!irc an IRC Bot

June 14, 2004

W32/Dansh.worm!irc is an IRC bot that is intended to propagate via various mechanisms. Once running on the victim machine, the bot attempts to connect to a remote IRC server, and join a specific channel. Once connected, the bot is able to accept remote commands (via IRC) from the hacker(s). Such commands include:

In order to propagate, the bot is able to scan IP ranges, looking for target machines. Vectors of propagation to these machines include:

  • poorly secured shares (targets IPC$ share)
  • MS04-011 vulnerability (CAN-2003-0533)
  • DcomRpc
  • MSSQL UDP vulnerability
  • open proxy on victim machine (http, socks)
  • download/execute remote file
  • open FTP server on victim machine

    Find out more at the McAfee page.
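A defender's view of the scanning behaviour described above, as an added example that is not part of the original advisory: it flags internal hosts that contact many distinct machines on the standard service ports behind the listed vectors. The port mapping, the flow-record layout, the threshold and the sample flows are assumptions made for this example.

```python
from collections import defaultdict

# Standard service ports behind the propagation vectors in the list above
# (assumed mapping; the advisory itself names no ports).
VECTOR_PORTS = {
    ("tcp", 139): "IPC$ share (NetBIOS session)",
    ("tcp", 445): "IPC$ share / MS04-011 (SMB)",
    ("tcp", 135): "DcomRpc",
    ("udp", 1434): "MSSQL UDP",
}


def find_scanners(flows, min_targets=5):
    """Return {src: {vector: distinct_target_count}} for every source that
    contacted at least min_targets distinct hosts on one vector port.

    flows is an iterable of (src, dst, proto, dport) tuples, e.g. parsed
    from firewall or NetFlow logs (hypothetical layout).
    """
    targets = defaultdict(set)  # (src, proto, dport) -> distinct destinations
    for src, dst, proto, dport in flows:
        if (proto, dport) in VECTOR_PORTS:
            targets[(src, proto, dport)].add(dst)

    report = defaultdict(dict)
    for (src, proto, dport), dsts in targets.items():
        # Counting distinct destinations separates a sweep of an IP range
        # from a busy client talking repeatedly to one file or SQL server.
        if len(dsts) >= min_targets:
            report[src][VECTOR_PORTS[(proto, dport)]] = len(dsts)
    return dict(report)


def sample_flows():
    """Constructed sample data, not taken from a real capture."""
    flows = [("10.0.0.23", f"10.0.1.{i}", "tcp", 445) for i in range(1, 41)]
    flows += [("10.0.0.23", f"10.0.1.{i}", "udp", 1434) for i in range(1, 9)]
    # Normal client: 30 connections, all to the same file server.
    flows += [("10.0.0.8", "10.0.0.2", "tcp", 445)] * 30
    # Web browsing to many hosts on a port that is not a listed vector.
    flows += [("10.0.0.9", f"10.0.2.{i}", "tcp", 443) for i in range(1, 50)]
    return flows


if __name__ == "__main__":
    for host, vectors in find_scanners(sample_flows()).items():
        print(host, vectors)
```

A host flagged on several vector ports at once, as 10.0.0.23 is in the sample, is a stronger indicator than a single-port sweep and is worth isolating first.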
