MS06-040 Botnets

Viewing 4 reply threads
  • Author
    Posts
    • #687
      oleDB
      Participant

      Anybody else see any significant activity?

We had quite a bit and had to block access to 7 different IRC servers, most in Korea but some in China. It was based off of Rbot and issued commands to have the infected computers scan on both 139 and 445 for targets. It also spread via open or weak shares. The funny thing is that it had a rootkit component which was probably the easiest rootkit to remove that I’ve ever seen. It didn’t make that many reg changes and was zapped instantly by our AV. Overall, it was hardly able to do any damage to the machines; however, it did generate a lot of noisy scan activity. Another unique thing about this bot was that it was running its IRC channel on port 443 to try to hide in the normal SSL traffic, but it stood out like a sore thumb. ISC is reporting an NT version of this; however, I’m thinking that it’s just a target of opportunity because it’s no longer supported. Hope you don’t have any NT still running 🙂

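      The two signals the post describes (plaintext IRC registration on TCP/443 instead of a TLS handshake, and one host fanning out across many neighbours on 139/445) are easy to check for from connection records. The following is an added detection example, not code from the thread or from any tool mentioned in it; the connection records, addresses and IRC nick are constructed for the example, and the record layout (source, destination, port, first client bytes) is an assumption about what a sensor would hand you.

```python
"""Added detection example: flag IRC bot C2 hiding on TCP/443 and
SMB-port scan fan-out, using constructed connection records."""
import re
from collections import defaultdict

# Constructed sample records (not real traffic). Each tuple is
# (src_ip, dst_ip, dst_port, first_bytes_sent_by_client).
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_CONNECTIONS = [
    # Legitimate HTTPS: a TLS ClientHello record (content type 0x16,
    # version 3.x, handshake type 0x01 at offset 5).
    ("10.0.0.5", "203.0.113.10", 443,
     b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 8),
    # Bot joining its controller: plaintext IRC registration on port 443.
    ("10.0.0.7", "198.51.100.20", 443,
     b"NICK bot1234\r\nUSER abcd 0 0 :abcd\r\nJOIN #channel\r\n"),
    # A workstation opening one file server share: normal SMB use.
    ("10.0.0.5", "10.0.2.50", 445, b""),
    ("10.0.0.5", "10.0.2.50", 445, b""),
]
# The infected host sweeping the local subnet on 139 and 445.
SAMPLE_CONNECTIONS += [
    ("10.0.0.7", f"10.0.1.{i}", 139 if i % 2 else 445, b"")
    for i in range(1, 13)
]

# IRC client commands that begin a session or chatter on a channel.
IRC_COMMAND = re.compile(rb"^(NICK|USER|JOIN|PASS|PRIVMSG|MODE|PING|PONG)\b",
                         re.MULTILINE)


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if the first bytes are a TLS handshake record carrying a ClientHello."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x03 and data[5] == 0x01)


def looks_like_irc(data: bytes) -> bool:
    """True if any of the client's first lines is an IRC protocol command."""
    return IRC_COMMAND.search(data) is not None


def find_covert_irc_on_443(records):
    """Return (src, dst) pairs that speak plaintext IRC to port 443.

    Port 443 carrying anything other than a TLS handshake is already odd;
    IRC commands there are the 'sore thumb' the post describes.
    """
    flagged = []
    for src, dst, port, data in records:
        if port == 443 and not looks_like_tls_client_hello(data) and looks_like_irc(data):
            flagged.append((src, dst))
    return flagged


def find_smb_scanners(records, threshold=10):
    """Map each source to the number of distinct hosts it touched on 139/445,
    keeping only sources at or above the threshold (scan fan-out)."""
    targets = defaultdict(set)
    for src, dst, port, _ in records:
        if port in (139, 445):
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) >= threshold}


if __name__ == "__main__":
    for src, dst in find_covert_irc_on_443(SAMPLE_CONNECTIONS):
        print(f"IRC-over-443 C2 candidate: {src} -> {dst}")
    for src, n in find_smb_scanners(SAMPLE_CONNECTIONS).items():
        print(f"SMB scan fan-out: {src} touched {n} hosts on 139/445")
```

      The fan-out threshold is deliberately low for the sample; on a real network it should be tuned against the baseline of hosts that legitimately touch many shares (backup servers, vulnerability scanners, domain controllers) so those are allow-listed rather than paged on.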
    • #10170
      Anonymous
      Participant

If you have NT running, you are just plain wrong…

    • #10171
      tmartin
      Participant

      Then many businesses are dead wrong. Some systems won’t run on upgraded OSes. NT will be around for at least another 5 years. Until the systems go down due to an attack.

    • #10172
      Don Donzal
      Keymaster

      In my work at the university, we have a number of labs that are attached to older lab equipment that simply won’t run on anything newer than NT. But the equipment still does viable work for the investigators. To mitigate problems, we have removed their NICs. They complain and insist that internet access is crucial. When we explain that it’s either no network or no lab results, we quickly learn how internet access was optional and not essential.

      So yes, there are still some valid uses of NT, but you have to be careful out there.

      Don

    • #10173
      Anonymous
      Participant

      @tmartin wrote:

      Then many businesses are dead wrong. Some systems won’t run on upgraded OSes. NT will be around for at least another 5 years. Until the systems go down due to an attack.

Yes, those businesses are dead wrong and they shouldn’t be on the net.

Don takes the right approach: if you have a system that only runs on NT, it shouldn’t be on the net.

Guess I should have been a little more specific in my reply. Believe me, I understand; work had to pay a couple of thousand dollars to have someone build a “new” 486 P2 computer because the software would only run on Windows 98! I didn’t say NT wasn’t useful, but running any unsupported OS is a bad idea, IMO, from a security standpoint, especially if they are tied to internal or trusted networks. There are safe ways to do it, but most people probably don’t.

Copyright ©2020 Caendra, Inc.