www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

VoIP Becomes the New Hideout for Drones

The Communications Research Network (CRN) issued a statement warning that VoIP will become the next-generation technology for commanding botnets.

VoIP allows botnet masters to hide their identity completely, making it nearly impossible to trace the origin of DDoS attacks, unlike the channels over which most botnets are currently commanded, such as IM networks or IRC.

The CRN recommends the use of open protocols to prevent this abuse.

VoIP networks are often encrypted as well, to maximize the privacy of the users on the network and to prevent ISPs from filtering the traffic in favor of their own VoIP services.

DDoS'er Pleaded Guilty

Jeanson James Ancheta, 20, of Downey, California, who was arrested in November of last year (we reported on his arrest here), has pleaded guilty to charges of assembling a botnet, spamming, spreading malicious software and profiting from these activities by selling services related to the botnet, such as performing DDoS attacks.

Among the machines he infected and included in his botnet were computers at the Weapons Division of the United States Naval Air Warfare Center and machines operated by the U.S. Department of Defense.

The U.S. Attorney’s office showed that Ancheta modified and disseminated a trojan horse program called rxbot. With this trojan he created a botnet which he commanded from an IRC channel.

Ancheta admitted that he earned approximately $3,000 by selling services performed with his botnet. He also admitted to earning $60,000 by having approximately 400,000 machines download and install adware.

Ancheta will have to pay $15,000 to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency to cover damages. The $60,000 earned, a BMW and computer equipment will also be forfeited.

Ancheta will hear his sentence on the 1st of May, and might face up to 25 years in prison.

After the recent bust in the Netherlands, this is the second major operation against DDoS’ers, showing a genuine and growing interest among governments around the world in tackling this growing problem.

Major Piracy Bust in Europe (updated 27 Jan 2006)

Tuesday morning at around 10 AM police entered the homes of about 300 individuals in Germany, Austria, Holland, Poland and the Czech Republic. Thirty individuals have been arrested in this action and 20 servers have been confiscated.

According to the German anti-piracy organization GVU, the target of this action was the top-level warez organizations, the so-called ‘top servers’. It is on these servers that pirated movies, software and music first become available to a select few, after which they spread down the line and become available to the general public on p2p networks, newsgroups and IRC.

According to the GVU, who led the bust, several key piracy groups have been eliminated such as Unreality, DRAGON and Cinemaniacs. Rumors on the Internet also speak of servers being confiscated at these groups: RELOADED, KNIGHTS, TFCiSO, Cinemaniacs, German-Friend, ParadieseBeach and Klapsmuehle.

The GVU has said in a press release that the biggest bust took place in Vienna, Austria, where one server was confiscated with 28 separate hard drives connected to it by optic cable, offering a total of 4 terabytes of space.

Although the GVU is convinced that it dealt a severe blow to these groups, it is usually thought that shortly after such busts the top people who have not been arrested withdraw from the scene, and people further down the line reorganize after a few months to continue the operation.

Update: Heise.de is reporting what some people have already been adding as comments to this post. It seems that the actions taken by the GVU itself have been very questionable.

German police have raided an office of the GVU in Hamburg and the private home of a ‘high profile’ employee of the organization.

The GVU is supposed to have contributed hardware and money to one of the ‘top site’ admins in exchange for logfiles. Rumors are even going around that the GVU supplied pirated titles. The German police have said in a statement about the raid that it was performed to ‘verify’ the evidence given by the GVU.

mIRC Local DCC Issue: Exploit, Vulnerability or Neither?

mIRC has seen issues with DCC exploits in the past. In December of last year another possible exploit/vulnerability was announced on SecurityFocus, which IRC-Junkie initially decided not to post about since its significance was so minor. However, this issue now seems to be ruffling feathers across several forums.

The issue is described as a local mIRC buffer overflow initiated over DCC. “The code executed are with current user privileges, anyway this bug could be dangerous in universities, cyber coffees, schools and any location with restrictions. Adding/editing filters to locate the specified folder for the files”, the announcement on SecurityFocus reads.

A few days ago this thread popped up on mIRC’s forum. Khaled, coder of mIRC, edited the first post, containing a URL to the C code with proof of concept, with the text:

“As far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC. The author of the report seems to have over-complicated his report by saying that any malicious software on your computer can modify your mIRC settings to cause mIRC to crash. But if you have malicious software on your computer, you’ve already compromised your security…”

Crowdat Kurobudetsu, the original author of the report at SecurityFocus, emailed Khaled on the 29th of November last year but got no reply. He eventually posted the report on the 20th of December 2005.

mIRC versions vulnerable to this local issue include the latest version 6.16. Although the severity of this issue seems minimal, the general consensus seems to be a desire for this bug to be fixed.

Edit: A reliable source who wishes to remain anonymous told IRC-Junkie that a new version (numbered 6.17) is currently being tested that might fix this issue.

Politician uses IRC in Political Campaign

Peter Ashdown, Senatorial Candidate for the US state of Utah, is using IRC in his campaign. Ashdown is opposing Senator Orrin Hatch.

Ashdown is not unknown in the Internet territory, as he is the founder of Xmission, Utah’s largest ISP, founded in 1993.

During the campaign, regular chat sessions will be held; they are announced over a mailing list and can be followed via webchat or an IRC server.