[General] DroneScan Launched.

Ask your general or IRC related questions.
OUTsider
Posts: 435
Location: Netherlands

[General] DroneScan Launched.

Post by OUTsider »

Maybe you have noticed that certain people suddenly get a notice like this:

-DroneScan- Your system is probably infected with a drone. Please visit http://www.key2peace.org/dronescan/?id=................ . This is NOT SPAM

DroneScan is an eggdrop I'm working on trying to locate drones using specific ident's.
The purpose is that besides the drones itself it will also notify users that are currently online and active living users.

As of this writing it has detected 921 unique IP's which are affected. The page dronescan is sending you to tells you why you have been sent there and certain links to online scanners like Trend, McAfee and RAV which are the currently best working online scanners I know about.

Please refer to the manual described on the online scanner to find out how to use it.

However, it is also possible that your nickname matches the masks scanned for and you are not infected, but I advise you to still perform the scanning advised just to make sure.

Once you cleaned your system from the nasty creeps, please revisit the site, including the id offered to mark yourself cleaned.
Don't bother reading, I'm just the lame botlender, right ?

LeRebel
Posts: 23
Location: Quebec, Canada

Post by LeRebel »

That's a great idea, because we have many user infected with drones and virus.

I'm sure DroneScan will be very usefull in Undernet :)
[img]http://pages.videotron.ca/jcote/sig/lerebelsig.jpg[/img]
[img]http://pages.videotron.ca/jcote/sig/undernetmoderator2fz.png[/img]
[img]http://pages.videotron.ca/jcote/sig/fancanadiensdemtl5qc.png[/img]

User avatar
doM
Posts: 9
Location: Canada - Quebec

Post by doM »

Without any doubt, it's a very good idea.

Good job OUTsider.
Imagination is more important than knowledge.

User avatar
Razvanet
Posts: 406
Location: Toronto,Canada

Post by Razvanet »

Yes, i have to say it's a good idea, hopefully it will work and help Undernet get rid of drones. :)

Good Luck !
Dream what you want to dream; go where you want to go; be what you want to be because you have only one life and one chance to do all the things you want in life.

User avatar
BaZz
Posts: 23
Location: Montréal, Canada

Post by BaZz »

Excellent idea, if you need shells to run more than one vesion, to make it more accurate, contact me.
-BaZz-
[0] infected! Advertising infecting web sites. Clean this computer! http://www.moosoft.com http://housecall.trendmicro.com/

ongeboren
Posts: 1

Post by ongeboren »

I'm currently involved in another irc network with similar issues.
We have observed a high virus increasement in the last month.
My count is for about 2 days uptime for my service - more than 4000 infected hosts (now).
2 weeks ago the same virus was detected in 36 hours on more than 10 000 hosts!!
Would you like some collaboration ? I believe we could share at least some usefull thoughts.
Find me on undernet - nick ongeboren.

Towner
Posts: 1

Post by Towner »

Can someone post the full url for the drone remvoer tool please. Im pretty sure I had a hacked server and first thing I knew of it was a lovely Kline message along with hacked bot server :(

I have used Undernet for almost 6 years now and im generally a careful admin of my redhat servers. If I did have bots I no longer do since i fornmatted the machine and got the latest security updates as well as improving some iptables rules.

Unfortunately being on a semi-dynamic ip range i could have to wait months until my ip and mask change. Surely that a ISP K-Line/ G-Line is rather un fair if you do have hacked hardware and have subsequently removed it. I am UK and there is only 1 broadband provider in my area. Half of the UK will have this same problem. Contacting the ISP will have no effect as it is an international conglomerate who have call centres in india filled with moronsd reading from faqs.

If a ban is to be made (wich i do agree with) It should not be over an entire ISP's mask. At the very least there should a be a facility to prove that a certain ip address and identd have been 'de-botted' and be re-enabled on the network.

For now I have emailed abuse but since #help could not help me I very much doubt I will be able to get on Undernet from this location for a long time.

OUTsider
Posts: 435
Location: Netherlands

Post by OUTsider »

There are like hundreds, if not thousand types of drones. Please be more descriptive about your type of drone.

The best way is to go to the common online scan websites like http://housecall.antivirus.com and have your system scanned there
Don't bother reading, I'm just the lame botlender, right ?

User avatar
Stefex
Posts: 3

Post by Stefex »

I've got the same problem of what seems a lot of people in this period: yesterday, without apparent reason, i started to get this message when trying to connecto to Undernet:
[5] Drones.
-
Closing Link: stefe by Milan.IT.EU.Undernet.Org (K-lined)
-
* Disconnected

Just this, no dronescan stuff or anything. Anyway, i checked my system and, just like all the other people, found no virus.
So, what shall I do? I guess you will tell me to contact my ISP but (again, as everybody else has said) they will probably just don't care for my complaints, as my ISP is a big italian cable service, and there are probably just a dozen users who connect to Undernet IRC. So, K-lines and abuses on undernet aren't a priority for them, i guess...Any suggestion then?
Thanks

User avatar
chip
Posts: 30
Location: Paris, France.

Post by chip »

Only a simple scan on http://housecall.trendmicro.com doesn`t detect all tr0jans , I advice you to join #vh or #dmsetup if you think you are infected or you spam, because files like server.ini are not recognized by that free online scanner.
Also for tr0jans after you scan with housecall is good to use this: http://www.moosoft.com/thecleaner/download.php


Anyway that dronescan bot is an excellent ideea :wink:

User avatar
Stefex
Posts: 3

Post by Stefex »

Thank you chip!
I scanned my pc with the cleaner and found a trojan called "Tenget" in three files (by the way, the stupid Norton AV didn't find them...). I took this occasion to make a couple scans with spybot, adaware and so...just in case!
So, now what else can i do to solve this k-line problem?

Thanx again

User avatar
caesar
Posts: 224
Location: Iasi @ .ro Real Location: Behind you! Sexual Orientation: Damn Straight!

Post by caesar »

If you don't keep up-to-date the viruses signatures how do you expect to find anything "new" with it?
Blame not on stupidity what is best explained by ignorance..

User avatar
Stefex
Posts: 3

Post by Stefex »

ACTUALLY the last update dated just a couple weeks back, most of which i spent on holiday away from home.
I don't know wether we should blame all this stuff to ignorance or stupidity, but certainly not to ME!

User avatar
chip
Posts: 30
Location: Paris, France.

Post by chip »

caesar wrote:If you don't keep up-to-date the viruses signatures how do you expect to find anything "new" with it?
Even if he had all viruses signatures up to date, Norton isn`t anymore what it used to be, get a good antivirus Stefex.

User avatar
caesar
Posts: 224
Location: Iasi @ .ro Real Location: Behind you! Sexual Orientation: Damn Straight!

Post by caesar »

Get a good protection for anything.. shut down your computer and get a life. :) I do use Norton and I keep it up-to-date and till now didn't had any surprises with it. I've heard from some friends that it sucks I till now he didn't failed to detect any malicious viruses that wanted to get access to my computer, if any. :P
Blame not on stupidity what is best explained by ignorance..