Archive for the ‘Botnets/DDoS’ Category

Australian ISPs unite to disconnect botnet zombies

Tuesday, January 26th, 2010

Yesterday a group of major Australian ISPs – among them Optus, Telstra, Vodafone, AAPT, Virgin and Hutchison 3G – as well as Facebook, Google and Microsoft announced that they are preparing “a voluntary industry code to come into force this year”, which could mean that “Computers infected with viruses could be ‘expelled’ from the internet”.

The Internet Industry Association, which is made up of over 200 ISP and IT-related companies, is preparing that code in response to an ultimatum from the federal government.

Freenode under DDoS

Tuesday, December 15th, 2009

What many have suspected has now been confirmed – the many netsplits on the freenode IRC network during the last days have been caused by ongoing DDoS attacks on their sponsors.

Freenode staffer JonathanD writes in their blog post that they are experiencing a “heavy DDoS against several locations at which some of our servers are hosted. The attack is ongoing and cause a lot of disruption, both to users of the network and unfortunately to projects/companies/individuals whose infrastructure is hosted at the same locations as us” but also writes that they are “working hard to try curb the attacks as best they can.”

IRC-controlled botnet SDBot is still going strong

Tuesday, December 15th, 2009

Despite already being over 5 years old, SDBot and its variants are still going strong and haven’t followed the decline of other similar threats.

Using IRC as a control channel for botnets is one of the older methods around, possibly even the oldest – newer bots mostly use either P2P or HTTP for their control, allowing them to be stealthier and harder to trace back than their IRC-using counterparts.

psyb0t – A stealthy router-based botnet discovered [Updated]

Sunday, March 22nd, 2009

The folks at DroneBL discovered and analyzed a router-based botnet that is suspected to have DDoS’ed them for about 2 weeks.

The bot software, named “psyb0t”, is the “first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems”.

Exploiting routers is in some cases more “useful” than infecting PCs – because “most people will keep the router on 24/7” as opposed to their computers, which “most people shut down [...] in the evening before they go to bed, or when they leave the office”, nenolod writes.
In his paper (which was written back in 2006, and which he was “called looney for” at the time) he also mentions another reason why targeting SOHO routers is a good idea:

Another 100.000 Zombies Botnet bust

Friday, August 15th, 2008

Yesterday, the creator of a botnet consisting of more than 100.000 zombies was arrested. The 19-year-old Dutchman and his 16-year-old brother are said to be the botmasters of what once was a botnet peaking at 150.000 compromised hosts…

Also arrested was a 35-year-old Brazilian who wanted to buy the botnet for his malicious activities – at the price of 25.000€ (US$37.290). The bust was a cooperation between the Dutch High Tech Crime unit and other international forces such as the F.B.I.

The botnet spread on Windows Live Messenger without the help of exploits but using a social engineering approach.