IRC News

All about Internet Relay Chat

Nessun: "Because I Could"

Nessun, owner of the Rizon IRC network, has been named before on this website as a source of DDoS attacks. IRC-Junkie was unaware that one of the three suspects reported on in the “FBI Arrests Three Botherders” article written 10 days ago, namely Jason Michael Downey, is in fact the same Nessun.

Downey, 24, has pleaded guilty to operating a botnet and to computer fraud. U.S. District Judge Nancy G. Edmunds asked for his reasons for performing DDoS attacks. “I was doing it because I could, more than anything,” Downey replied. “It was a dumb thing to do.”

Under a plea agreement he can face up to 24 months in prison and a $40,000 fine. A total of $21,000 may have to be paid to cover costs resulting from his attacks.

Downey will hear his sentence on October 10th.

FBI Arrests Three Botherders

With the arrest of three suspected botherders, the FBI discovered botnets that consist of about a million infected machines worldwide. Amongst the charges for the three are spamming and infecting IT systems at hospitals.

The operation took place under the name “Operation Bot Roast”, which is an ongoing operation to hunt down botnets and their owners.

Among the three men arrested is Robert Soloway from Seattle, a long-time spam king. Another man, Downey, controlled his botnet of Agobot-infected machines from an IRC server and performed DDoS attacks.

The FBI will try and warn the 1 million owners of infected machines and point them to safe computing practices.

IRC Still Most Used Platform for Botnets

Although botnet masters increasingly use platforms other than IRC to command their zombie networks, it remains the biggest platform in use to date.

These botnets are being used by malicious users to perform DDoS attacks, to collect personal data such as banking info and credit card details, and, for example, as a base for sending spam. The machines used in the botnets are usually compromised home PCs.

About 75% of the software used in botnets consists of Sdbot and Gaobot. “This dominance is not so much due to any special features of Gaobot or Sdbot, but simply because their code is much more widely available on the Internet. This means that any criminals that want to make a bot can simply base it on the source code of these threats, making any modifications they choose. Essentially, this saves them a lot of work,” said Luis Corrons, technical director at PandaLabs.

IRC networks have been very active in hunting and shutting down botnets. Security software such as firewalls also increasingly warns users about IRC traffic, raising the chance that the compromised machine gets cleaned. To avoid detection, botnets increasingly make use of HTTP, normal website traffic that is viewed with far less suspicion. Peer-to-peer networks are now in use as well.

“Control through IRC is useful for controlling isolated computers. However, this system is not so useful when it comes to botnets. By using HTTP, bot herders can control many more computers at the same time, and can even see when one of them is online or if the commands have been executed correctly,” Corrons continued.

Fyle/Anatoly Admits Guilt

Bringing criminals to justice takes time, a lot of time. Back in October 2004 we reported on the arrest of Fyle/Anatoly, who was causing havoc on the Darkmyst network, as well as many others.

Fyle/Anatoly, named Richard C. Honour, 30 years old, of Kenmore, Washington, was arrested on suspicion of writing viruses that were spread by tricking IRC users into using malicious links. A total of 21 networks had to deal with it and prevent innocent users from being infected.

The goal of the virus was to collect personal information in order to abuse it for financial gain.

Honour has pleaded guilty to the count of spreading viruses.

He will hear his sentence in May, and if convicted can get up to 5 years in jail and a $250,000 fine.

Macs are Controlling Windows Systems

“What huh? Another platform evangelist?”, I can hear you ask. No, don’t worry, although, with the lack of realism among some computer owners, you might have to worry.

Mac OSX users long thought they were immune to attacks targeting their systems. This year, however, has seen quite a few attacks on OSX systems that opened the eyes of many ‘into’ OSX. In November Apple patched 31 vulnerabilities including a 0-day exploit.

Since then, more vulnerabilities have been found, along with malware trying to exploit them.

For these Mac OSX users there is, however, still something positive to be found in the systems recently found infected and abused by such malware. The systems in question were being used to host an IRC server, which in turn was being used to control other infected machines: yes, you guessed it already, computers using Windows as the OS.

Source: ZDNet