OK I posted a while ago asking about the SubSeven trojan horse virus, I've just learned that the later versions of the virus dial-out when the victims computer is connected to the net, and that they dial to a IRC forum stating the User and Password codes for the client side of the virus, the IP address of the infected PC, the port its installed on and the version of SubSeven thats running.
My question is, is there a way to find these IRC chat rooms, learn of the infected systems and perhaps warn the users that are on them? Has anyone tried to block these hacking chat rooms, home to elite, zombie-bots and trojans?
Why doesnt anyone do anything about this?!?!?

------------------
Napster - Shoplifting, with a fraction of the guilt.

[This message has been edited by CrazyChef (edited 08-16-2001).]

And incidently, where would I be able to find an editor for executable files, so that I could rip this virus apart, see what makes it tick?

(I dont want to point out the odvious but i just want to LEARN about this sort of thing so as to better understand how to protect my system)

------------------
Napster - Shoplifting, with a fraction of the guilt.

I would use W32dasm to dissemble the programs into assembly. You could then edit the exe file using any hex editor. Some of the more popular bot source code can proably be found thru search engines given a little time. Most "hackers" don't right their own code, so if they can find the source files so can you.


If your going to dissemble exe files you should learn assembly language If you don't know it already.
You should also do a google search on "cracking" to learn how to dissemble programs using w32dasm,softice, and other tools.


As for the chat rooms most IRC programs will do searches for a chat room based on it's name. So searches on "hacker" "Cracker" ect.ect. might turn up something. Of course you could just display them all and scroll down the list. There is no way to prevent chat rooms from being created. However if one of the "founders" doesn't viste the room at least once every 3 days ( I think thats the limit) the room is removed from the IRC servers.

Some chat rooms are Invite only so even if you find them you may not be able to get in. If your going into these chat rooms I would recommend you learn as much as possible about how to issues commands to the IRC servers and how those servers work.
Could come in handy http://www.PCGuide.com/ubb/smile.gif

------------------
Comment heard from a Klingon programmer.

"Our users will know fear and cower before our software! Ship it! Ship it and let them flee like the dogs they are!"



[This message has been edited by Ghost_Hacker (edited 08-23-2001).]