www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: April 2007

Undernet Re-implements Multiple Logins on X

Undernet introduced multiple logins a few years ago to be forthcoming to users who had to login from work while their home connection was still running for example. In this article however the decision had to be made to remove the functionality again as users were abusing the feature by having bots flood channel that had the +r flag set. The flag requires users to be logged in to join a channel.

Undernet user, and #help op Eenie did not settle with the decision however and started a petition and website in September 2006. “Five hundred and seventy (570) users signed it”, Eenie said to IRC-Junkie.

As a member from #help Eenie had to deal with the quirks of an unstable connection and the time waiting until her other connection pinged-out. On average 10 minutes. “Being an op in some high visibility help channels made me a target of people who have nothing better to do than cause havoc to others”, without the hostmasking DDoS is a real threat.

Despite the response on the petition Eenie got little response back from CService. “Undernet’s Channel Service Coordinator never replied to any of my messages or my emails concerning this issue at all. As one can see from the Undernet Forum posts from a few CService reps, some agreed, some disagreed with our effort.  I never heard of any official stand from CService.”

Eenie got in contact with the coders of the services where she got a few listening ears. “I believe most of the credit goes to the coders who took our plight seriously and worked to get this implemented for us.”

Eventually, success. “About nine months later, on April 18, 2007, the new X feature was unveiled. Seems the wheels of Undernet turn slowly, but in this case, they turned to our benefit!”

Finally, as a member of #help Eenie unveils the workings of the new feature; “A user can now login a second connection to his username without having maxlogins of 2, provided that he/she uses the same IP to connect. If he/she is running ident’d, they must use the same userID for both connections. If they are not running ident’d, they can make the second connection and login to their username with just the same IP.”

IRC Still Most Used Platform for Botnets

Although botnet masters increasingly use platforms other then IRC to command their zombie networks, it remains the biggest platform in use to date.

These botnets are being used by malicious users to perform DDoS attacks, collect personal data such as banking info and creditcard details and for example to use as a base to send spam. The machines used in the botnets are usually compromised home PC’s.

About 75% of the software used in botnets consists of Sdbot and Gaobot. “This dominance is not so much due to any special features of Gaobot or Sdbot, but simply because their code is much more widely available on the Internet. This means that any criminals that want to make a bot can simply base it on the source code of these threats, making any modifications they choose. Essentially, this saves them a lot of work,” said Luis Corrons, technical director at PandaLabs.

IRC networks have been very active in hunting and shutting down botnets. Also security software such as firewalls increasingly warn users for IRC traffic, adding to the chance that the compromised machine is being cleaned. To prevent detection, the botnets increasingly are making use of HTTP, normal website traffic which is far less being looked suspiciously at. Also peer-to-peer type of networks are now in use.

“Control through IRC is useful for controlling isolated computers. However, this system is not so useful when it comes to botnets. By using HTTP, bot herders can control many more computers at the same time, and can even see when one of them is online or if the commands have been executed correctly,” Corrons continued.