Bot's?

[Girl_for_Tech]

I was reading on the internet the other day about IRC bot's. The web page was talking about how bots can be made to spy on IRC conversations. While on IRC should I be concerned about these bots and if so what should i look for, or is there no way to know when someone is spying on you?
I searched the forum and the only one i found was a thread on chatter bots, sorry if i overlooked a thread on this topic.

[the_JinX]

Most irc bots are programs that connect to a server/channel as a normal user and do what they are programmed to do..
Wich can include logging all that is being talked about..

Most bot's are completly harmless.. and if they are spying they are spying just as efficiently as a normal user whom is logging all that is being said in the channel..

sorry I couldn't be more informative..

the_JinX

[King of CaveMen]

As a former programmer of a bot. (Or scriptor)

No you shouldn't be really worried about bots unless you are talking about something illegal such as "j00 hax0rz .gov box"

Bots can be used for many purposes such as kicking people out who flood, auto opping the correct people, banning people's ip address, things made easy.

Bots can also log your "info" which includes, all info sent to the IRC server, such as your "/whois" information like, script, email, name, nick, ip or host name.

Then the bots can match and try to find people with similar info, such as those who change their nicks.

So don't be real worried about IRC bots, chances are, you have already been logged.

[sickyourIT]

many bots are also just effectively "lurkers" ...you'll notice in many irc channels there will be like 30 people on and only maybe 10 - 15 talking. the others are watching tv, surfing the web, or just reading the chats, but not contributing. many bots will show up the same as an inactive person. just sitting there listening. This will happen a lot in highly active channels. someone will place a bot there to log anything being said about their other nick. "def is n0 1337 h4x0r! 43 4a5 n0 5ki115!" <why poeople bother talking like that is beyond me.>

but, as was previously noted, not a whole lot to worry about. don't plan your coup d'etat over an IRC channel, and you'll be okay

[Girl_for_Tech]

I'm not too terribly worried or anything, i was just reading a conversation steve gibson had with a hacker, that knew another 13 year old hacker that may have taken down his site a while ago. Apparently a hacker named "boss" might have been helping this kid with his bots and gibson was trying to see why the 13 year old "wicked" was attacking him. In the converstation gibson had let the hacker "boss" know that he had made a bot and was listening in on "boss" and one of his friends taking about these "zombies". I looked for the link over at grc.com but i couldnt find it, its probably stored somewhere over there but i couldnt locate it. The way their conversation was going just made me think for a minute, since i use IRC. Thnks for the info guys.

[sickyourIT]

13 year old kids used to play video games for fun, now they hack real computers, and it's all still a video game to them....

[Maverick811]

Originally posted here by Girl_for_Tech
I looked for the link over at grc.com but i couldnt find it, its probably stored somewhere over there but i couldnt locate it. The way their conversation was going just made me think for a minute, since i use IRC. Thnks for the info guys.

I believe that you are referring to this article:

http://grc.com/dos/grcdos.htm

I read this article when it first came out a while back - interesting, to say the least....

[Girl_for_Tech]

That's the one Maverick.

[g00n]

i also read that article, and steve had found that the DDoS attack that took him was thought to have been from a botnet based on some irc server. He found a copy of the bot and figured out how it worked and where it went, and setup a bot of his own to log the entire channel. This gave him the nick of the person(s) that were attacking his site... What his bot did was just join that channel and log every thing said, so steve could go through the logs later and determin what was going on. It would then be possible to take those logs, and strip out the ip's of the bots joining and contact the isp's and have them control the problems.. But unless there was a tremendous concentration of bots on one portion of the isp's network, they more than likely would do nothing about..

It's been awhile since i read that page, so my details may be off, but i believe this is what you are refering too..

[|The|Specialist]

Sounds like the kid just setup maybe 100s of bots to do ICMP floods and things on a site. Instead of useing them for a dDoS alot of bot attacks are used to take over a IRC. Alot of IRC systems op the first person who logs in or whoever knows a password. A bot could be programed to kickout everyone so that the bot would have op then it notifies the owner of the bot or it could bruteforce passwords to a channel or another bot since IRC rooms usually don't lock the passwords down very well and they rarely have limits to how many times you can guess the password a attack like this would be very simple.

Its also possable for worms/trojans to setup IRC right on the infected sys. or login to other IRC systems and tell the users about the IP, OS, & (ect).

As for spying... A user could easyly do whatever a bot can do just at a different rate of timeing. I could cut and paste the text or if right click is dissabled I could make screenshots of possable embarassing situations... the only difference is I would probably get bored and leave.