www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: August 2008

EFNet IRC net and Website get hacked

www.irc-junkie.org tried to get in touch with EFNet to comment on the happenings to no avail but got instead contacted by the hackers themselves.

The hackers, identifying themselves as “2l8″, allegedly killed off the IRCd on efnet.nl and relinked with their “ircd with a custom-made patch iHaq wrote just for the occasion. Amongst other nifty features it had kill protection, automatic opering, hardcoded spoof (incase anyone got in and looked at hte config files) for us (root@your.servers) and a more dynamic, yet coded in spoof that gave every connected user a host like OWNED-#.MASSIVE.2l8.OWNAGE”.

When asked about their motives they replied “The current situation of morons running alot of the network … is unacceptable. It’s no wonder kids resort to DDoSing IRC-servers. We felt it was time to send a clear message: We Own You. We will always own you … Being on IRC is no different from being in a large crowd, there is no reason for you to act like you are 12 and a bitch.”

They however stated that they themselves are EFNet regulars “Some of us have been on EFnet for 12 years, so that would be a yes. With the current state of affairs tho, we might just pound it into the stone age and go hang-out on freenode or something were people actually behave like regurlar human beings …”

Asked about the techniques behind the hack they replied “This attack has concsisted of using privately developed Linux and FreeBSD remote kernel bugs, as well as certain daemon bugs(apache,openssh,bind,etc) as well as webapp bugs, and sniffing. However the technique so far has been to rely on people’s totally predictable egos. Most of these folks have an ego the seize of the Great wall of China.”

Talking about the hacked webpage http://www.efnet.org, which displayed gayporn titled “oper convention” for two days, they told “The EFnet admins (and opers + groupies) thought we played with DNS cache poisoning for days to get their website to show gay porn, however, we never even attempted that, as we owned their nameservers:)”

Closing the email they wrote “The 2l8 team, want to take his opurtunity to tell everyone that a little love and respect goes a long way. Admins, opers or users, you are all still just human, us included.

- It’s never 2l8 to start being nice.

- The 2l8 team: iHaq, iRoot, iPwn, iSniff.”

Of course, any comments from the EFNet side are more than welcome and if need be will be handled strictly confidential.

Denora IRC-Statistics version 1.4.1 released

Changes in the latest version include improved Charybdis support, Nefarious and other P10 IRCD improvements, compiling on Windows has been fixed, some other minor fixes which are unnamed and an as vaguely described “potential security issue in string handling has been adressed”.

Compiling on Windows with SQL enabled has been a “last minute fix” so the developers consider this a test release for Windows and appreciate any feedback via their bugtracker

The homepage of the project is located here

Another 100.000 Zombies Botnet bust

Yesterday, the creator of a Botnet consisting of more than 100.000 Zombies has been arrested. The 19-year old Dutch and his 16-year old brother are said to be the botmasters of what once was a botnet peaking 150.000 compromised hosts…

Also arrested was a 35-year old Brazilian that wanted to buy the botnet for his malicious activities – at the price of 25.000€ (US$37.290). The bust was a cooperation between the Dutch High Tech Crime unit and other international forces such as the F.B.I.

The botnet spread on Windows Live Messenger without the help of exploits but using a social engineering approach.

Would-be victims received a message from friends on their contactlist with a link and were asked to click on it – once infected they would then message their friends.

If you suspect to be zombified, one way to spot an infected machine is to check it for outgoing connections to the host “elena.ccpower.ru” on port 3306.

Antivirus company Kaspersky has put together a webpage with information on how to get rid of the bot – it however is advised to perform a full system scan with AV as well as spyware scanners since Shadow possibly also installed adware on the victims computer.

mIRC 6.34 has been released

4 days ago, Khaled Mardam-Bey released a new version of the popular Windows IRC-client mIRC

The website states: This version of mIRC is a small though important update to the previous version and has been released primarily to resolve an important issue with ‘if’ statements being processed incorrectly in the scripting language.

It continues: Although this is a minor update, it includes important changes and is a highly recommended download.

The full list of changes is as follows:

1.Fixed if/while bracket priority bug which affected the parsing of if/while statements.

2.Fixed text display bug where the last character in a line was being chopped off.

3.Changed the fast update display method.

4.Fixed tips display bug.

5.Fixed copy messages to query bug.

6.Fixed /drawrot rounding error bug.

7.Fixed treebar/switchbar server sorting display bug.

The following link is supposed to have even more detailed informations of what has been updated.

Location of the download is here.

Thanks to Chain for the tip!

Hi, my name is…

..phrozen77 and i am the new operator of this fine website.

First of, i want to thank Asmo for doing such a great job with it for oh so long, thank you and kudos for keeping up with it.

I hope i can keep the site up-to-date with interesting articles and tidbits from the big world of IRC just as he did.

He set pretty high standarts the last few years so i really hope i can fulfill the expectations of our loyal readers ;)

All the best wishes to Asmo and his family, i hope to still see you around here!