Rooted, the facts.

Looking around several irc networks you will inevitably see bots in most of the wares channels. You know the sort, something with the nick Wares-[-0001-] amd the like. Now basically for those people who dont know what a bot is, its basically this: a hacked computer with a fast connection has a rootkit put on it. This rootkit contains many files and all are slightly different, but on the whole they all do the same job. They install mirc on the target computer, and then set it to serve files automatically to the leechers (people that download) The most common form of rooting is through a program called radmin. Radmin is a perfectly legitimate program that has many uses in business. With radmin you can basically take full control over a target pc that has radmin installed.

There is a password option with the radmin server and if this is set, then the pc is secure (well a lot more secure). The problem is, in certain areas, radmin is pre-installed into a pc before it leaves the shop, WITH NO PASSWORD ON IT!!! Now as you have guessed, this pc is now open for anyone to control that has radmin. The user can be on the pc at the time and usually he wont know anyone is there, a hacker can even watch exactly what the user is doing!!

Scary!

The hacker will have many scan bots, which will scan an ip range for installed versions of radmin on remote machines, that have no password. So basically the lesson is this... Dont put a remote administrator program that lets anyone in with no password!!!!

If you need this program, PUT A PASSWORD ON IT!! We will never be 100% secure either on the internet or on IRC. But we can still do a lot to combat things like this.

Bazz www.simplify.zoomshare.com

Author: Bazz Network administrator. http://www.simplify.zoomshare.com