Hacker Program Found

Impact

This advisory indicates that a hacker program has been detected on the scanned host. This advisory will only be generated when SARA is in the extreme attack mode.

Background

This warning refers to a hacker program called BNC, which is a simple program designed to proxy IRC sessions. It is user configurable using the file bnc.conf to set incoming and outgooing ports, user ID, and password. Hackers use this program to prove to their community that they have hacked into the target computer.

The Problem

This warning does not point out a vulnerability in and of itself. But, it does indicate that the target system may have been compromised, and that a vulnerability may exist on the system. In order to run the bnc program, a hacker must have interactive access to the target system.

Resolution

The first step is to kill the BNC program. The next step is to search the system for evidence of a hacker's presence. After determining that a hacker is not currently accessing the system, run a full check of the system to determine how the hacker gained access and eliminate any existing vulnerabilities.