Detecting IRC controled trojans
Results 1 to 3 of 3

Thread: Detecting IRC controled trojans

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Detecting IRC controled trojans

    There's an intersting article I found on securityfocus:
    http://online.securityfocus.com/infocus/1605


    This brings an interstring question: while we push for more encryption, it also makes detection with NIDSs... I guess a solution might be to favor distributed IDSs with central managment/logging. Some vendors are already pushing this but open source world doesn't seem to be catching on to this...

    Ammo

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    ammo, this may be of interest to you, it’s a paper on the analysis of an IRC trojan.

    Sorry i don't remember where i got it from!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    That paper is online here. It was written as part of Lenny Zeltser's GCIH certification prcess. In other words, it was written for SANS. His homepage is http://www.zeltser.com/ . He has some neat toys and some other really good papers on his site, including one about intrusion detection.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •