www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: August 2006

Three Years Jail for DDoSer

Christopher Maxwell, 21, of Vacaville, California, has been sentenced to jail for three years. IRC-Junkie reported about him being charged in february of this year.

Aside of the hospital other networks that were affected included the department of defense and a California school district.

He would rent out his network to perform DDoS attacks, and the infected machines earned him money with showing advertisements.

The judge showed little sympathy for Maxwell, calling him “incredible self-centered” with little regard for the impact of his actions on others. She also wanted Maxwell to be set as “deterrence for all those youth out there who are squirreled away in their basements hacking”.

Defense attorney Steve Bauer hoped for probation and community service. In his defense he argued that Maxwell had no prior criminal record and that he never had thought his bot would spread so far.

Bali Bomber used IRC to Promote Terrorism

Indonesian police arrested two Indonesian men, Agung Setyadi (31) and M. Agung Prabowo (24), after they learned they have been chatting on IRC with Imam Samudra who is awaiting execution for organizing the Bali terrorist attack.

How Imam Samudra has exactly been able to connect to the Internet is not made public, but it in the Indonesian press it is thought that a laptop and GSM phone have been smuggled into the prison. Such items are disallowed possessions for prisoners however, and it is also unclear how the guards have not noticed these items afterwards.

Agung Setyadi is the brother of Adhitya Triyoga, who has previously been arrested for terrorist activity. Agung Setyadi has been lecturing computer science and information technology at an Indonesian university. Police said that Imam Samudra asked Agung Setyadi to buy a laptop with stolen credit card information (commonly called carding) which he refused. Eventually Agung Setyadi sent money to Adhitya Triyoga which he used to buy the laptop. A prison guard has been used to deliver the laptop.

The two met on IRC channels #cafeislam or #ahlulsunnah. The other man arrested has been helping Agung Setyadi to build a website called www.anshar.net. This site provided information on how to prepare a terrorist attack.

It is unknown what the effects of this will be. Was Imam Samudra able to recruit new members? Did he maintained his old network? Parliament members have pressed for an independent investigation but it looks the government is not willing to start one.

Winbot Goes Opensource

“Up until a few years ago, I maintained the project which you can find on this site: Winbot – A windows IRC bot. In 2005, the Winbot project dropped off the face of the earth due to the fact I no longer had time to maintain it, and was no longer using windows as my operating system. I have promised for quite a while now that I would release Winbot as open source, so here it is” Winbot developer Craig Edwards announced on the Winbot website.

Craig explained to IRC-Junkie why he stopped developing the project himself: “I had worked on the project practically by myself for almost five years, and i felt it had reached a point where it had all the features i wanted to add to it.” Added to this, he stopped using Windows as his OS for some time ago as well, making it hard to maintain development for it.

Other then maintaining the website for it (Craig plans to bring back a forum for example), he will pull himself back from development completely. “I will probably also provide help to people who want to make use of the code, such as explaining how parts of it work and why i made decisions to write certain parts of it as i did.”

The website moved to a new address, the old .co.uk domain is not yet pointing to the new location www.winbot.org, but should be at some point in the near future.

IRC-Junkie reviewed version 2.2 of Winbot back in September 2002.

“If someone learns new things from what i spent five years doing, then that would be great :)

MS06-040 Used by Botherders

Machines connected to the Internet and not having installed patch MS06-040 released by Microsoft last week are now vulnerable for being hijacked by a new worm, a variant of the Mocbot trojan. This first appeared in August 2005 as the Zotob-worm.

Security firms expect this worm-attack to grow like a big one, despite this worm seemingly only to attack Windows 2000 machines.

Once installed into the system, the bot will connect to an IRC server and wait there for commands from the dronemaster. The hosts in question are bbjj.househot.com:18067 and ypgw.wallloan.com:18067.

It is using the same IP and host for the IRC server as the original Zotob-worm, which are located in China. It is quite hard to get cooperation from Chinese owners to get such machines off line or cleaned.

Thanks to upinsmoke for the tip.