Home | Networks | Community | Need Help? 

 
 Quick search

 
 
 RegisterRegister   Log inLog in 

Another virus affecting my network this morning
Goto page 1, 2, 3  Next
 
Post new topic   Reply to topic    SearchIRC Forum Index -> IRC Abuse
Author Message
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jun 27, 2003 1:44pm    Post subject: Another virus affecting my network this morning Reply with quote
Random bots with random nicks sending stuff similar to:

<heunubtpu> "Miss Cleo knows all, she is readin yer thoughts right now, she is putting you into mindjail http://80.11.4.129:3030/mindjail.zip"

I have been akilling them as spammers-if you don't they seem to loop and come back every 30 mins. They take a /list and join every channel with 10+ users, message everyone, and depart.

If you have +R for channels, seems to be the best way to avoid them.

I don't recall the name but there was a virus reported yesterday on yahoo news, probably related to it.

If only people wouldn't download files from people they don't know Smile
Back to top
Jason
SearchIRC Developer
SearchIRC Developer


Joined: 03 May 2003
Posts: 1484
Location: Tampa, FL
PostPosted: Jun 27, 2003 2:14pm    Post subject: Reply with quote
bah. I hate these stupid things.

They play a big part in why it's getting difficult to run even a simple /list anymore.
Back to top
Orare
none
none


Joined: 12 May 2003
Posts: 17
PostPosted: Jun 27, 2003 3:23pm    Post subject: Reply with quote
We're seeing them also... have a log file that goes on for hours of them logging on. Only consistancy we see so far is they are all 9 letter random alpha nicks.
Back to top
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jun 27, 2003 4:36pm    Post subject: Reply with quote
They stopped about an hour ago on my network, course we've been akilling them all morning-maybe we got them all, who knows.

Either that or people actually run anti-virus on occasion.
Back to top
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jun 27, 2003 4:37pm    Post subject: Reply with quote
Jason: I can see what you mean. Alot of my channels went +s this morning.

Till they realised they could go +R, block non registered nicks, and not be out of the /list Smile

They liked that option alot better, course now alot more people are registering-which is probably a good thing for everyone involved.
Back to top
Orare
none
none


Joined: 12 May 2003
Posts: 17
PostPosted: Jun 27, 2003 4:42pm    Post subject: Reply with quote
They stopped here at the same time. Probably the script kiddies bedtime.
Back to top
Michael
none
none


Joined: 18 May 2003
Posts: 48
PostPosted: Jun 28, 2003 2:05am    Post subject: Reply with quote
Got those this morning at DilexNET, however, they only came on once, said their bit and left.

It's kinda like a talking and not as big fizzer attack.
Back to top
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jun 28, 2003 11:23am    Post subject: Reply with quote
Well considering anti-virus places jumped on it quick, its likely that the spread was stopped fast. It was a .zip file and alot of corporate environments block email attachments of zips by default.

I don't think it ever even had a chance-I haven't seen any in 24 hours, but we akilled the ones we saw-so they probably are still out there, just not able to connect.
Back to top
Jason
SearchIRC Developer
SearchIRC Developer


Joined: 03 May 2003
Posts: 1484
Location: Tampa, FL
PostPosted: Jun 28, 2003 11:27am    Post subject: Reply with quote
It's been such a long time since I ran my Undernet server, I can't recall, but it seems to me ircu had a target change too fast error when a user tried to join many channels in N amount of minutes.

Even if I'm mistaken, that anti mass /msg code that throttles users could easily be adapted to throttle for /joins. It might not stop this type of activity, but it sure could make it slow as hell to accomplish :)
Back to top
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jun 28, 2003 1:49pm    Post subject: Reply with quote
Yeah I don't think this one was planned too well-it already appears to have disseapeared off the radar screen after 2 days of it causing an issue-and the issues it caused were very minor.
Back to top
Orare
none
none


Joined: 12 May 2003
Posts: 17
PostPosted: Jul 01, 2003 12:03pm    Post subject: they're baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaack Reply with quote
We have these guys back this morning.. anyone else seeing them?
Back to top
U
Eleet
Eleet


Joined: 18 Jun 2003
Posts: 521
Location: IRC
PostPosted: Jul 01, 2003 12:15pm    Post subject: Reply with quote
Was just going to post.

They appear to be back with different ads, maybe someone released a modified version?

Going back to akilling on sight for a while.
Back to top
Jason
SearchIRC Developer
SearchIRC Developer


Joined: 03 May 2003
Posts: 1484
Location: Tampa, FL
PostPosted: Jul 01, 2003 12:22pm    Post subject: Reply with quote
rofl. At least they are changing ads. Nothing worse than staring at the same spam ads repeatedly.

They likely want to test to see if the new ads get a better click-through-rate than the previous.
Back to top
Orare
none
none


Joined: 12 May 2003
Posts: 17
PostPosted: Jul 01, 2003 12:41pm    Post subject: Reply with quote
lol.. its keeping one of our ircOPs busy as all get out.. but we see absolutely no pattern, and they arent repeating the ip numbers.. so imho akills just satisfy the inner urge to DO SOMETHING!!!!

Using it now as training for some of the newer ircops.
Back to top
Orare
none
none


Joined: 12 May 2003
Posts: 17
PostPosted: Jul 01, 2003 1:30pm    Post subject: Reply with quote
Have you noticed that they ping out if not killed?
Back to top
Display posts from previous:   
Post new topic   Reply to topic    SearchIRC Forum Index -> IRC Abuse All times are GMT - 6 Hours
Goto page 1, 2, 3  Next
Page 1 of 3

 
 
Forum powered by phpBB
 
 © 2000 - 2008 EverythingIRC, Inc. All rights reserved. Please read our disclaimer