It appears that they was "Linked" to another irc server as well, Linking is where users on one server can see/join/chat in channels on another server whist still being connected to there orginal one (sorta)
link OuTy.ShouTy.TrouTy
{
username *;
hostname hub.the-killer.bz;
bind-ip *;
port 8067;
hub *;
password-connect "sexylink";
password-receive "sexylink";
class servers;
options {
nodnscache;
autoconnect;
nohostcheck;
};
};
(If you was feeling nasty you could create an unrealircd server of your own and give your self netadmin rights and then link in to them (They don't have any checks in place)
Upon checking hub.the-killer.bz(this is the main server) I noticed a number of bot flooding channels, eg PC's Infected with a virus would join this irc network from which then the owner of the network could then give the bots commands to DDOS internet addresses
It appears as if your clients machine had been used to give these bots a place to connect to.
There are also a number of other servers linked into this network(probally infected hosts as well)
Doing an nslookup on hub.the-killer.bz gives back 66.40.240.254 which belongs to an isp called Interland.
There abuse email is "[email protected]" however, bear in mind that this machine is also probally an infected host, But without there main "hub" these attackers will be forced to rebuild there network.
Reply With Quote