Irc rootkit

***groovicus*** · December 13th, 2003, 10:51 PM

Ok, in that case I can provide a few links that can get you started.... identifying rootkits is not something you are going to learn about in a day.

http://linux.oreillynet.com/pub/a/li.../rootkits.html
http://www.l0t3k.org/security/docs/rootkit/

If you are already compromised, you are due for a fresh install anyway.

**GrApHiCTrOn** · December 13th, 2003, 10:54 PM

another sugestion stop the doble posting use the edit botton

**JAsoN74185** · December 13th, 2003, 10:56 PM

thank you very much, but is there a specfic one that happens to be used in irc? cause im almost positive thats what i have i mean how else could i be cloned when i join irc? i havent looked at ur sites yet but im just sayin i kno its gotta be one affiliated with irc

ok ill stop double

***groovicus*** · December 13th, 2003, 11:02 PM

No offense, but I'm going to let you find out on your own. All rootkits have some basic similarities, and reading the material I provided you with will help you identify if you have been had.

Any root kit can be modified to do essentially anything...the source code is readily available..

You don't get a rootkit to check for rootkits..however I have been toying with the idea of modifying root kits to detect their own presence. Those pages also have tools available which would help you.

As I stated before, if you are already owned, the only way you can know for sure your system is clean is to reformat and reinstall... using the tools you find will give you a good indication if you have been rooted.

**JAsoN74185** · December 13th, 2003, 11:04 PM

thank you very much i think ill take your advice

**mandraketux** · December 14th, 2003, 12:55 AM

Originally posted here by groovicus
EDIT: Ok, this is a protection site, not a hacking site...please read the FAQ...and maybe delete this post unless you feel like you need a few negs....just some friendly advice.

Actually it IS a hacking site. You cant protect against what you cant understand. and quit believing the damn news media whores saying hacking is destroying, that is NOT it. what you MEANT to say was, this is not a CRACKING site.

**|The|Specialist** · December 14th, 2003, 01:50 AM

Originally posted here by mandraketux
Actually it IS a hacking site.

Please stop. You will only turn this place into happyhacker or blackcode.com or some kinda crap like that. This site is much more better than that. And when terms like that get tossed around boards often get flooded with children who know nothing but they feel a need to join a crowd and label themselves as something. I don't call myself a hacker... as far as I can tell the peaple I hang out with here on AO don't... I think the term is nothing but a way for childish idiots to feel good about themselves for minor computer related tasks.

To say that I have been associated with these peaple... self proclaimed "hackers" is just offending to me.

**Turmoil** · December 14th, 2003, 09:50 AM

Ok, rootkits for IRC? I thought that rootkits were only used on Unix and Linux systems... I remeber hearing somewhere that there was a windows one.. but from what this article said, they were a rarity... My knowledge about such things is limited... As for what people use to gain control of other people systems on IRC... Simple, they use trojans, like sub 7, ect... Its really lame, and the people who do it often try to pass themselves off as genius hackers, but in fact they are lame-o's who are lazy, malicious and like to brag alot.

***groovicus*** · December 14th, 2003, 03:44 PM

The advice still stands...reformat, reinstall...doesn't matter what it is.

**|The|Specialist** · December 14th, 2003, 10:11 PM

Turmoil, if you've ever taken a good look around NT based systems then you should already know the answer to that. And there are many NT root kits. But as for being "rare"... actually yes and no. Compaired with the millions of billions of other malware floating around yes.

Thread: Irc rootkit

Thread Tools

Display

Posting Permissions