All articles licensed under a Creative Commons License.

Wednesday, April 13, 2005

Spazbox.net traffic source revealed?

Well, after every theory under the sun was explored for the large number of visitors to Spazbox.net, it seems the most obvious one was the one we didn't actually think of - or at least, we did, but then tried all the fancier ideas instead. Well, I did anyway, but I'm like that.

So without further ado, I give you the source of the massive Spazbox.net traffic. Which is....

IRC?!

Yep, you heard me - there seems to be a massive network of backdoor install points floating around in IRC land, and Spazbox is at the heart of it all. Well known in underground circles, Spazbox (it turns out) is a notorious IRC network devoted to filesharing, Warez and all the other garbage that clogs up networks with Trojans, Viruses and (probably) screaming Swedish porno. It regularly dies off then reappears, Lazarus-like, with all new channels to bork your PC on. There's currently about 3,877 channels out there, but it's now sitting on a leaf server and the root has gone AWOL. I would hope there's a reward to bring it back, though that's probably pushing it a little. Keeping the Spazbox.net website traffic in mind, check out this IRC chart illustrating the incredible leap in traffic for the IRC network - surely not a coincidence.

Spazbox infections have been around for some time - in fact, check out this horrible thing from September 28th, 2004 and pay attention to the last few lines:

The following text strings are found in the malware body:

00.spazbox.net
#pawnz0z

#pawnz0z is where all the cool cats hang out, with an alleged treasure trove of backdoors all ready and waiting to do some serious damage. The problem is actually finding the bloody thing.

Connecting to the IRC server is made almost impossible because it keeps switching around (those horrible Fedz, eh kids? Run that disk eraser!) though 01.spazbox.net has also been known to put in an appearance. I had hoped to take a trip into Spazboxville (accompanied by a couple of priests and a bucket of holy water), but so far all my searching has turned up a bunch of channels about horseracing, alt.geekdom and some nervous script-kiddies who kept calling me a Narc. If anyone actually finds the elusive IRC network, let me know because in theory it should be rather hard to hide something with 4,000-odd channels. Problem is, there are only about 200 human users - the rest of the 30,000 inhabitants are bots.

That's right - there's anything up to 29,000+ bots waiting to do...what?

And what exactly is the hook being used in the IRC realm to redirect all those end-users to Spazbox.net?

In fact, how are all those end-users managing to find their way into the Spazbox IRC world at all? Because I sure as Hell can't find it. Yet all those hapless end-users are seemingly having no difficulty strolling into #pawnz0z, collecting a nasty dose of redirect-itus and then landing smack bang in the middle of Spazbox.net to cripple their browser and operating system.

So, we have a few more answers and a lot more questions.

But if I find the screaming Swedish porno, I'll let you know.

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.