www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: May 2006

Girls Receive Up To 25 Times More Malicious Chat

The University of Maryland conducted a survey with a result we probably all knew the outcome from in advance: woman and girls on IRC receive up to 25 times more sexually oriented chat requests then their male counterparts.

When using a nick that resembled a female name, the researchers received an average of 163 malicious requests per day, while chatting with a nick that did not show their gender only 4 to 25 times a day.

The females also received more files and links then their male counterparts in the research.

“Parents should consider alerting their children to these risks, and advising young people to create gender-free or ambiguous usernames,” said one of the researchers. “Kids can still exercise plenty of creativity and self-expression without divulging their gender.”

DDoS'er Convicted to 5 Years Jail

Jeanson James Ancheta, 20, of Downey, California, of which we reported about his arrest here, and him pleading guilty here, has heard his sentence from United States District Judge R. Gary Klausner in Los Angeles.

Judge Klausner, who characterized Ancheta’s crimes as “extensive, serious and sophisticated,” has sentenced him to 57 months in jail. After he completes his jail time, he will serve three years of supervised release. In this time his access to computers and the Internet will be limited. He will also have to pay 15000$ USD damages to the Weapons Division of the United States Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, and all his profits from the activities including a BMW have been forfeited.

Judge Klausner concluded the sentence with saying to Ancheta that “… your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this.”

Ancheta hired out his botnet to people who used it for example to perform DDoS attacks. He also made approximately 60000$ USD by having the compromised machines installing adware. He also caused damage in several Ministry of Defense computers.

The sentence Ancheta received has been the longest sentence ever for distributing computer viruses.

Blitzed Open Proxy Monitor Shuts Down

The Open Proxy Monitor which has been provided by the Blitzed IRC network has been shut down. The maintainer of the Blitzed OPM project Andy Smith, nicknamed grifferz, announced the closure earlier today in this email.

OPM was in use by IRC networks to check incoming connections for open proxies, often a sign of being a floodbot, drone or otherwise infected with spyware or virusses.

“We have completely failed to get in touch with our contact at the hosting company and don’t really want to escalate things there given the free nature of the hosting,” grifferz explained. The database was so large that it is near to impossible for the team to backup, or find a new location to continue the service. Added to that, most of the team members do not posses the time anymore to keep the service running.

“… recently (the last month or two) we started noticing problems that would indicate hardware fault, perhaps memory or disk controller,” grifferz explained to IRC-Junkie. “A bit over a week ago the server dropped off the network completely and since then we have been unable to get a response out of our contact there who set us up with the service.”

A lot of time from the team members was consumed by replying to abuse reports. To keep a reliable database, the team would proxyscan IPs listed to them, but by their nature, these scans look exactly like portscans resulting in abuse reports. “It is important to reply to these to assure people that we aren’t being abusive, because otherwise our sponsoring hosts would be blacklisted from much of the Internet,” grifferz explained.

“I am guessing that most IRC networks of any significant size used OPM,” grifferz said to IRC-Junkie. ” It is difficult to get exact figures as there isn’t any registration procedure.” The OPM was a popular alternative for IRC networks to other similar databases as OPM was oriented only to open proxies and not open mail relays. Also, IPs would be removed much faster from the database, especially if coming from dynamic (dialup-) ranges to prevent false positives.

IRC-Junkie asked grifferz if the service might return. “… we have lost some data that makes this a bit difficult and also we have to acknowledge that the project had been running without as much attention from us as it really required for around the last year.” If they can get in contact with the sponsoring company and get access to the data, the project might return in a timespan of 3 to 6 months. “Now this has happened it seems like a good time to step back and evaluate what we are doing here.”

A final word from grifferz; “I’d like to say thank you to all those who have supported the project, including those who have use BOPM and set it to report to us, other kinds of proxy reporters, and of course Erik Fears for writing the BOPM software and the proxy scanning library we used.”

“At this stage those in the IRC community still using the OPM DNS list should stop doing so, but we would appreciate if we could continue receiving reports if possible, for the time being.”

Thanks to Ed and Francisco for the tip.