Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 663
Location: Undernet
Posted: Wed Oct 27, 2004 10:27 am    Post subject: May 2004
Dronerunner arrested
Thursday, May 27 2004 by Asmo
And yet another dronerunner bites the dust. The Royal Canadian Mounted Police arrested a 16-year-old in Mississauga who had written a worm. The name of the person cannot be released due to the Youth Criminal Justice Act in effect in Canada.
The worm named Randex makes use of IRC channels to let the dronerunner control his arsenal of infected systems.
According to police, about 9000 machines were infected with this virus.
There have been 4 comments added to this article.
Comment field changes
Sunday, May 23 2004 by Asmo
There has been a small change in the way the comments functionality on this website works. Before, if a person posted a comment while not being registered, (s)he would always get the nick "Anonymous" and her/his IP would be shown. Now you can use any nick as long as it is not a registered one, and the IP will still show.
Please note: if you do NOT want your IP address to be visible with the post, then register your username. It is clearly explained with the form, so it can't really be missed.
There have been 14 comments added to this article.
Ongoing problems for IRCHighWay
Saturday, May 22 2004 by Asmo
"As you might be aware of, the IRCHighWay IRC network as well as other major IRC networks have recently been suffering from heavy Distributed Denial of Service (DDoS) attacks", the IRCHighWay Staff stated earlier this week in a press release. "We have acquired quite solid proofs that the group of individuals that is conducting these activities is at least partly composed of top ranking Rizon Network staff members, including pdi and, Rizon's CEO, Nessun".
Within a day the press release was altered, as IRCHighway wanted to make clear the statements were directed towards pdi and Nessun, rather than at Rizon.
The effects of the DDoS can be clearly seen in the user graph provided by SearchIRC.
"We always thought that the relationships between the different networks had to be fair as well as friendly. We must say that we are very disappointed by such behavior just to inherit users from the IRC networks that falter because of the attacks", the press release ended.
Arbin says IRCHighway informed the FBI and other law enforcement authorities, who are currently studying logfiles and other indications to see whether they can start an investigation.
Of that evidence, IRCJunkie has seen extracts which show IP addresses, contact information on domains used to host IRC servers to control drones, servers used to store files to update drones, and other information where the same nick and the Rizon network kept showing up. If this evidence is genuine it should provide strong leads to law enforcement. According to Arbin, these logs have been handed over to the FBI.
"I realize logs can be "fabricated" and that it might not look like any proof at all. I guess you just have to believe us", IRCHighway network admin Arbin said to IRCJunkie.
The problems have not ended with DDoS for the IRCHighway network, however. Last Thursday the website of the network got compromised and had to be taken offline. Several users from the network who had an account with the services reported having received an email from a person called Sp0of3r, with the subject [hacked by Sp0of3r]. It is not yet known whether the defacement of the website is related to the DDoS attack.
IRCJunkie contacted Nessun and asked him for his response to the allegations from IRCHighway. "I can email you some fake logs back showing irchighway dosing rizon", Nessun replies. "And yes I do own about 30 domains whois them all you wish but that does not mean that 1 I control 100% of everything on them and 2 that a whois of them doesn't prove I dosed anything. As for ip information I am 100% always on a bnc just because owning a network with questionable material I am a bit unsafe."
"Also rizon users do not seem to like it when other places post lies such as this and I will apologize for anything in advance they do as controlling 35,000 users is a bit impossible especially when it's not something on my network or that I can prove. Thank you for your time and asking for my opinion", Nessun ended his reply.
Arbin concludes "I suppose this "story" will not end in one day. All I'm thinking is that if a few news websites write something about the issue(s?); it would at least show our users (we mainly care about our current users basis) that we aren't just saying things..."
There have been 158 comments added to this article.
phpBOT 0.1.0 released
Saturday, May 22 2004 by Asmo
Every once in a while you see a novelty being released. This time it comes from Jazza, the author of phpBOT, a fully fledged modular IRC bot coded entirely in PHP and using MySQL.
"The main reason I chose to use php for the bot is because PHP is not only an easy language for developers to code modules in, but it allows for strong integration into a lot of web utilities such as a bot that gathers information from a mysql database from a website. PHP also has a lot of good classes that are available which will help developers in module development", Jazza answered when we asked him why on earth he chose PHP to code a bot in.
phpBOT is using a modified SmartIRC as the backbone. Also PHP itself has integrated functionality for interaction with IRC.
We asked Jazza how stable he would classify the bot at this stage. "As this is the first release there are obviously going to be bugs, the backend for configuration is not the best at this stage, but once I am happy with the code for the front end, I will focus on the admin panel. As for stability, I did vigorous tests on how long PHP can sustain an irc connection, currently I have not seen the bot disconnect from instability, I did about two weeks of testing, and I feel that the bot has a strong stability."
There have been 13 comments added to this article.
IRC Channel Operator's Guide
Thursday, May 20 2004 by Asmo
There hasn't been an update on EFNet's #IRCHelp website in ages, and just when you think you should stop monitoring it for news, there is a new guide being posted.
The New IRC Channel Operator's Guide is a guide for those who would like to learn a little about what a good channel operator should know to keep their channel in order. The article goes into all the basics a proper operator should have knowledge of: channel modes, kicks and bans, but also the basics of keeping ops and bots and what to do with floods.
You can find the guide here.
There have been 2 comments added to this article.
Turquaz project for Turkish users
Wednesday, May 19 2004 by Asmo
"After many opers suggesting me, I decided to start a Help channel for Turkish speaking users in order to help them on many purposes such as channel take overs, or cleaning their infected computers, or help them to download an anti-virus, for just that purpose we are going to start a public ftp where they can download most updates and free av scanners", IRC operator Cavalry said to IRC-Junkie.
Filling the space where non-English speaking Turkish users of the Undernet IRC network often have problems, Cavalry has started the channel #turquaz and a website to provide help for those who request it.
IRC-Junkie asked Cavalry whether it would not be better to have users always download from the original website, since mirrored software can come with added 'features' (viruses, trojans, backdoors and the like). He explained: "Those are going to be official mirrors, we won't put there anything unlicensed, every mirror will have its permission given by the authorities."
"The ftp server will serve not only Turkish users but also non Turkish users, we are planning to translate some software interfaces into Turkish to help users", Cavalry concludes.
There has been 1 comment added to this article.
Phatbot coder released on bail
Tuesday, May 18 2004 by Asmo
The 21-year-old coder of the Phatbot, known as Alex G., has been released on bail. He had been kept in custody since the 7th of May, when he was arrested in a coordinated operation in southern Germany in which the coder of the Sasser worm was arrested as well. Police say that although both arrests followed from the same operation, the two cases are unrelated.
The Phatbot is one of the hundreds of variants of Agobot, a bot which is a particular nuisance for IRC networks, where the bots can sit by the thousands in hidden channels, waiting for commands from their dronerunners.
Up to date antivirus software would have prevented these machines from being able to share sensitive private information with the dronerunner. Even if they got infected, a firewall would have prevented the drone from connecting to the outside world. Both programs are even available for free; take a look at the security section on our links page.
There have been 0 comments added to this article.
Undernet admins voted on new nicklength
Saturday, May 15 2004 by Asmo
The nicklength change has been voted upon by admins: "NICKLEN default increased to 12 per CFV-0243", ircu coder Kev announced in the CVS Changelog. CFV stands for Call For Votes.
It might take until after the weekend before all servers have adopted the change, as NICKLEN is a setting that has to be set on a per-server basis.
There have been 18 comments added to this article.
mIRC charity appeal
Friday, May 14 2004 by Asmo
Time for another charity appeal by the author of the popular IRC client for Windows, mIRC.
"Médecins Sans Frontières (Doctors without Borders), Nobel Peace prize winner for their humanitarian work around the world, and known for their vocal stand on humanitarian issues, have a reputation of not only being the first to arrive in a crisis-hit area, but often the only organisation to be there at all" the mIRC website starts. "They are currently one of the few aid agencies working in Darfur, Western Sudan, where close to a million people have been displaced from their homes due to civil war. The Médecins Sans Frontières teams in Darfur are witnessing people in extreme danger due to the violent methods deployed by the warring parties, and the massive emergency aid needed to ensure their survival is desperately lacking."
100% of the registrations that come in now or in the coming month will go towards this charity.
In the past mIRC author Khaled held 4 charity appeals, where the last one raised a total of $55,230 USD for the Red Cross and Red Crescent Societies for their work concerning measles in Africa.
There have been 0 comments added to this article.
n00b politicians
Wednesday, May 12 2004 by Asmo
"A congressional hearing on Internet porn last week illustrates what happens when politicians try to ban technology they don't like or understand", this article in ZDNet starts.
The House of Representatives in the U.S.A. is planning a new bill that will go far beyond its goal, which was to "require that programs like Kazaa and Grokster obtain parental consent before installation."
"Anyone distributing instant-messaging programs, File Transfer Protocol software or Internet Relay Chat clients would have to follow a complicated set of regulations to be published by the Federal Trade Commission, which might as well be renamed the Federal Software Regulatory Commission", the article reads. If the bill comes into effect, that is not a very desirable prospect if you are the author of a freeware IRC client.
According to the ZDNet article, it does not end there however. Software repositories like SourceForge will in effect become illegal. And authors and webmasters outside the U.S.A. won't be exempted either, as they are "required to hire a "resident agent" and file reports with the FTC--hardly a boon to the burgeoning global open-source movement."
There have been 23 comments added to this article.
PieSpy 0.4.0 released
Wednesday, May 12 2004 by Asmo
Those who like toys, or are interested in social networks will like this bot. It is a "social network bot" which renders diagrams that show the social structure of a channel.
"I've just released PieSpy version 0.4.0", PieSpy coder Paul Mutton said to IRCJunkie. "It will probably never reach 1.0, as that's just the way I version things"
This new version contains the tracking of nick changes, "which was the most popular feature request", and faster rendering of the images showing the social networks.
"You can now apply different weightings to each of the heuristics that are used to infer relationships and the source code has been refactored so it is now very easy to make your own inference heuristics", Paul adds.
You can find PieSpy here.
O'Reilly will release a book shortly by Paul Mutton, "IRC Hacks, 100 Industrial-Strength Tips & Tools".
There have been 2 comments added to this article.
Bahamut 1.8.0 released
Tuesday, May 11 2004 by Asmo
Yesterday Bahamut 1.8.0 was released. The release does not include many changes that are visible to the users of networks using this IRCd.
Two changes that will be visible to the users, however, are the additions of two new channel modes, +e and +I. Channel mode +e is for ban exemptions. You could for example ban *!*@213.12.23.*, but exempt your friend who uses *!~me@213.12.23.128.
The other channel mode, +I, exempts certain hostmasks from having to be invited before joining an invite-only channel.
Support for these two channel modes has been implemented in mIRC's Channel Central, which can be reached by double clicking a channel.
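
The ban/exemption and invite-exception rules described above, as an added Python sketch (not Bahamut's code and not from the original article). It models only what this article states about +b/+e and +i/+I; the function names, the example.net mask and the sample users are constructed, and plain ASCII case-insensitive matching is an assumption.

```python
def mask_match(mask, prefix):
    """Match an IRC mask ('*' = any run, '?' = one char) against nick!user@host.

    A hand-written matcher is used on purpose: '[' and ']' are legal nick
    characters, so shell-style globbing (fnmatch) would misread them.
    """
    mask, prefix = mask.lower(), prefix.lower()  # assumption: ASCII case folding
    m = t = 0
    star, mark = -1, 0  # last '*' in mask, and the prefix position it covers up to
    while t < len(prefix):
        if m < len(mask) and mask[m] == "*":
            star, mark = m, t
            m += 1
        elif m < len(mask) and (mask[m] == "?" or mask[m] == prefix[t]):
            m += 1
            t += 1
        elif star != -1:  # mismatch: let the last '*' swallow one more character
            mark += 1
            m, t = star + 1, mark
        else:
            return False
    while m < len(mask) and mask[m] == "*":
        m += 1
    return m == len(mask)


def can_join(prefix, bans=(), excepts=(), invite_only=False, invex=(), invited=False):
    """Apply +b/+e first, then +i/+I. A +e mask never bypasses +i."""
    if any(mask_match(b, prefix) for b in bans):
        if not any(mask_match(e, prefix) for e in excepts):
            return (False, "banned (+b)")
    if invite_only and not invited:
        if not any(mask_match(i, prefix) for i in invex):
            return (False, "invite only (+i)")
    return (True, "ok")


def exempted_users(bans, excepts, users):
    """Review helper: users who match a ban but are let in by a +e mask."""
    return [u for u in users
            if any(mask_match(b, u) for b in bans)
            and any(mask_match(e, u) for e in excepts)]


# Masks from the article, plus constructed sample users.
BANS = ["*!*@213.12.23.*"]
EXCEPTS = ["*!~me@213.12.23.128"]
INVEX = ["*!*@*.example.net"]  # constructed +I mask
USERS = [
    "friend!~me@213.12.23.128",
    "troll!~x@213.12.23.77",
    "Other!~ME@213.12.23.128",   # different nick, same ident and host
    "guest!user@host.example.net",
]

if __name__ == "__main__":
    for u in USERS:
        print(u, can_join(u, BANS, EXCEPTS))
    print("let in by +e:", exempted_users(BANS, EXCEPTS, USERS))
```

The leading `~` in the exempted mask marks an ident that was not verified by an ident server, so the username part is whatever the client supplied; the exemption is effectively as wide as the host 213.12.23.128.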
One change which will certainly affect the operation of the IRCd, however, is the configuration file format change. "Config file format changed to bind-style", the changes file reads.
The traditional IRCd configuration file format is abandoned with the introduction of this style, in which blocks are enclosed in braces and end with a semicolon.
Here is an example of how an IRC Operator is configured in the new configuration style:
oper {
    // required tokens
    name johndoe;           # Account username
    passwd secret;          # Account password (optionally encrypted)
    host ident@hostmask;    # Restrict access to this mask
    host *@172.16.4.2;      # Up to 32 masks can be specified here
    access *Aa;             # Access flags
    // optional tokens
    class opers;            # Place authenticated client in this class
};
The configuration for an IRC Operator in the traditional IRCd configuration style (generally referred to as an O:line) would look like this:
O:*@172.16.4.2:secret:johndoe
You can find Bahamut here.
There have been 3 comments added to this article.
Nicklength increase on Undernet
Saturday, May 8 2004 by Asmo
There was a time, long ago, when it was thought 9 characters for a nick should be enough for everybody. Like the famous "640K ought to be enough for anybody" quote from Bill Gates.
These days it is hard to get a unique nick others will not use. The addition of pipes, numbers and underscores helps to have a nick that is unique and not in use.
For a long time it was technically impossible for Undernet to increase the nicklength, as the IRCd would break and possibly cause chaos. With the latest ircu (Undernet's IRCd), however, it is possible to increase the length of a nick without having to fear such problems.
"It's possible today, we can do it right this instant if we want", said Isomer to IRCJunkie. Isomer is one of the lead coders of the ircu project.
"Undernet's interested in changing the maximum length of a nick. Currently it's 9 characters, the options are upping that to 12 or 15 characters. /msg #nicklen with your vote, votes are any number between 9 and 15. We'll use this information to help form our new policy of nick lengths" he asked the users of Undernet today over wallops.
Not surprisingly, 15 was a rather popular number amongst the messages.
We asked Isomer when he expects such a change to come into effect. "No idea, probably within a month or two." Such a change would require a vote by the admins of the network.
There have been 16 comments added to this article.
Some EFnet news
Thursday, May 6 2004 by Hardy
The Canadian portion of EFnet has approved a new server named irc.kagmir.ca for a 60-day trial link. It will be another open client server and it is located in Vancouver, British Columbia.
The server is hosted by Big Pipe Inc, a division of Shaw Communication which already hosts a client (irc.arcti.ca) and hub (ircd.arcti.ca) server on the network.
On another note, the oldest remaining EFnet server, irc.umich.edu, has opened up a bit and now allows connections from *.edu. The server had been restricted to its own university clients and Michigan providers until now.
There have been 0 comments added to this article.
IRC - The Internet's Wilder Side
Thursday, May 6 2004 by fadeaway
The mainstream media has noticed IRC once again. According to New York Times reporter Seth Schiesel, the Internet has a wild side. That wild side is IRC.
In this article Schiesel explains the details behind the shady dealings of the IRC underworld, calls IRC the "Wild West" of the Internet, and says that the service is "a louche hangout of digital smugglers, pirates, curiosity seekers and the people who love them." References are also made to such unflattering subjects as Operation Fastlink, child pornography rings, and the perpetuation of botnets.
While a grim picture of the varied uses of IRC is painted, there are several quotes from IRC network staff outlining that some people do in fact still use IRC for its intended purpose, chatting, and that the networks are not actually intended to be used for illegal purposes.
Unfair demonization of IRC, or perhaps the harsh reality of the situation? You be the judge.
There have been 8 comments added to this article.
Florida cracker charged
Wednesday, May 5 2004 by Asmo
Security Focus is reporting on Benjamin Stark, 22, from Florida, U.S.A., who is charged with defacement of "dozens of governmental and private Web sites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses."
"Tighten the security before a foreign attack forces you to. At a time like this, we cannot risk the possibility of compromise by a foreign enemy", reads the message he used on defaced websites.
One of the more well known defacements is where the group made details public from a Federal Aviation Administration (FAA) database which contained information on airport screeners and weapons they found.
He is also being charged with trafficking in stolen credit card numbers. In June 2001 he sold 447 credit card numbers for $250 in an IRC channel.
There have been 6 comments added to this article.
XChat-Gnome v0.1 Released
Wednesday, May 5 2004 by fadeaway
The XChat-Gnome development team yesterday announced the preview release of their new frontend for the popular XChat IRC client. In the tradition of Gnome philosophy, the software was created in order to streamline the accessibility, user interface, and functionality of the client.
Interested parties can find a copy of XChat-Gnome here.
There have been 0 comments added to this article.
IRC controlled botnets become a global security threat
Saturday, May 1 2004 by Asmo
"While many network administrators worry about the next worm, security experts are warning that a quieter but equally damaging threat is slowly gaining control of large networks of computers", this article in Globe And Mail starts.
Recently there has been a growing global awareness that IRC or p2p controlled infected machines are becoming a real security threat.
"Bot software is much harder to detect than worm programs because it tends to be more stealthy." Which makes perfect sense if you think about it. The author of the virus is not helped by getting attention from the owner of the infected machine. He prefers to keep the owner ignorant so the machine stays infected, making the machine available to him for DDoS and for gathering information (credit card info, etc). "Some attackers have even used the computation power of the combined computers in a bot net to create their own distributed supercomputer for breaking encryption, especially on passwords."
Another issue is estimating how many infectees there are of a certain virus. Antivirus software vendor Symantec releases information in the form of "number of infections" on their latest virus threats information page.
Symantec and others estimated the total amount of infectees with the MSBlast virus to be half a million at max. After Microsoft released a patch for the exploit, it announced it found 9.5 million infectees instead. Quite something different.
This website used to compile a weekly virus update with viruses that are related to IRC in any way. In the end this was impossible to continue due to the amount of viruses involved, and after a while it got rather boring to read.
The software to prevent these bots and other viruses from spreading is still freely available on the Internet, however. Check out the links page for a list of good freeware antivirus and firewall programs. And of course do not forget to update your OS regularly.
There have been 8 comments added to this article.
_________________
Asmo
webmaster www.IRC-Junkie.org