IRC-Junkie.org - IRC News

Yesterday, the creator of a Botnet consisting of more than 100.000 Zombies has been arrested. The 19-year old Dutch and his 16-year old brother are said to be the botmasters of what once was a botnet peaking 150.000 compromised hosts…

Also arrested was a 35-year old Brazilian that wanted to buy the botnet for his malicious activities - at the price of 25.000€ (US$37.290). The bust was a cooperation between the Dutch High Tech Crime unit and other international forces such as the F.B.I.

The botnet spread on Windows Live Messenger without the help of exploits but using a social engineering approach.

An 18-year-old New Zealand suspect has been arrested in a botnet case. He is suspected of controlling a botnet consisting over 1 million infected computers and having caused nearly 13.5 Euro million in damages.

The botnet consists of AKBot worm infected machines. The botnet has been used to attack IRC networks, security companies and the University of Philadelphia.

“He is extremely clever”, said Maarten Kleintjes, head of the computer criminality department.

He is also acused of leading a worldwide network called the A-Team with members from New Zealand, Holland and the USA. New Zealand police worked togheter with the FBI on this arrest, codenamed “AKILL”.

As a recent post also indicated, botnets are considered one of the main Internet security threats. Researchers from the Georgia Institute of Technology have proposed a new piece of software that can detect botnets, named BotSniffer.

It is hard to detect botnets, as they make use of existing protocols such as IRC in ways that it makes it hard to distinguish them from ‘normal’ users.

The researchers explain: “Our approach is based on the observation that, because of the pre-programmed activities related to C&C (command & control, ed.), bots within the same botnet will likely demonstrate spatial-temporal correlation and similarity.”

Security Service Provider Arbor Networks studied the amount of junk traffic over the total sum of Internet traffic, and found some remarkable figures when it comes to IRC traffic.

Over the past 1,5 year the company analyzed data of 70 ISP’s. The findings show that on average 4% of all traffic is junk, such as spam and DDoS attacks topping 1,5TB of data, per second.

Of this 4%, on average 1300 DDoS attacks daily makes halve of the junk traffic. But on occasions, DDoS can make 5% of the total Internet traffic. Of the monitored DDoS attacks the majority consists of TCP SYN floods and ICMP floods targeted to IRC servers.

Many people wish to have their own IRC network. Once a basic network is setup they advertise the network to gain users, in the hope many will find and start using it. But what if they abuse your good intentions and start using your infrastructure to host bots engaged in illegal activities? Then things can start to become a real life nightmare. In this article we follow Dewd, from network admin to a suspect criminal with a 10 year prison sentence hanging above his head.