AT&T thinks because I use IRC... I've been hacked...



Primefalcon
July 6th, 2012, 04:37 PM
Seriously, they sent me a warning stating that they have detected IRC traffic.... and that I should scan my systems since.... IRC is a good indicator of malicious software....

Are they crazy?!?

sffvba[e0rt
July 6th, 2012, 04:55 PM
The LOIC is controlled via IRC if I am not mistaken... (and if I am and sound like an idiot then it must be because I am :p)


404

Paqman
July 6th, 2012, 05:21 PM
IRC is a good indicator of malicious software....

Are they crazy?!?

Not entirely. A lot of malware does use IRC to communicate. Given how few people use IRC and how much malware there is, it's not an unreasonable precaution to check with you.

I'd be interested in seeing some numbers about how many home broadband accounts using IRC were actually due to malware. I wouldn't be surprised if it was over 50%.

Simian Man
July 6th, 2012, 05:34 PM
It's kind of nice they warn you. The kind of people who use IRC generally know enough to discard that warning confidently if it's incorrect.

Primefalcon
July 7th, 2012, 07:40 AM
Thing is a lot more crap goes over the msn protocols though than IRC, heck even skypes are used a lot..... Why pick on IRC?

Simian Man
July 7th, 2012, 01:24 PM
Thing is a lot more crap goes over the msn protocols though than IRC, heck even skypes are used a lot..... Why pick on IRC?

Because way more people use msn and Skype than IRC for legitimate purposes.

jockyburns
July 7th, 2012, 04:58 PM
Even, Blizzard, seem to think that Linux users running Wine are cheating.
http://ubuntuforums.org/showthread.php?t=2015502

CharlesA
July 7th, 2012, 06:23 PM
Even, Blizzard, seem to think that Linux users running Wine are cheating.
http://ubuntuforums.org/showthread.php?t=2015502
Please don't derail this thread with a link to a closed thread.

SeijiSensei
July 7th, 2012, 07:27 PM
IRC is often used to distribute copyrighted materials illegally since it's pretty private and hard to monitor unlike torrents or well-known download sites like the now-defunct MegaUpload. Child porn rings (http://www.timesnews.net/article.php?id=9023267) are another active group of IRC users. Maybe AT&T figures that if you get this warning, and you've been using IRC for illegal purposes, you'll get scared and stop. Or at least be concerned that they might be tracking your usage.

Paqman
July 9th, 2012, 08:46 AM
Thing is a lot more crap goes over the msn protocols though than IRC, heck even skypes are used a lot..... Why pick on IRC?

IRC is a big boy, and can take it.

papibe
July 9th, 2012, 09:04 AM
Are they crazy?!?

Not really. IRC is used by malware to spread information about infected/hacked servers.

Check this: Techsnap 19: Planning for Failures (http://www.jupiterbroadcasting.com/11308/planning-for-failures-techsnap-19/). Around 8:20 an actual IRC bot case is discussed.

Regards.

Nixarter
July 10th, 2012, 04:37 AM
So... if you use IRC you get a letter saying that basically you are so 1337 we thought you were hacked?

I might have to brush off Ye Olde mIRC just for that letter :p

Adrian98
July 10th, 2012, 11:50 AM
That's a good thing that you got the alert warning from AT&T people! In many cases the user doesn't get the warnings and they get to know about the consequences only after failing!

Nixarter
July 10th, 2012, 12:35 PM
Seriously, they sent me a warning stating that they have detected IRC traffic.... and that I should scan my systems since.... IRC is a good indicator of malicious software....

Are they crazy?!?

Can you post a scan (removing personal information, of course)? I would very much like to see the wording.

chili555
July 10th, 2012, 04:21 PM
That's a good thing that you got the alert warning from AT&T people! In many cases the user doesn't get the warnings and they get to know about the consequences only after failing!
I agree. If my granny gets the letter and knows nothing about irc, she'll likely call someone, hopefully not me.

If you and I get the letter and know and use irc, we'll at least have some comfort that AT&T is trying to do some good. I'd probably thank them for their concern.

juancarlospaco
July 10th, 2012, 06:08 PM
I can't believe tech savvy people say to ban a chat protocol just because someone says it's malware,
if I do a remote control software (for good or bad) it's no big deal to switch the chat protocol to another one, or even make my own.

replace the "import irclib" for "import msnlib" xD

Primefalcon
July 10th, 2012, 08:44 PM
Can you post a scan (removing personal information, of course)? I would very much like to see the wording.
I saved it in text... (it was sent via email, and yes it was legit).



IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”

We have evidence which indicates a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.

Our investigation shows the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network, sometimes known as a Botnet.


Date: (UTC) => Your IP:
<date and time + IP removed>



IRC bot infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots on a host or an attempt to subvert security restrictions for a network.

We realize in some cases this may be normal activity if you are running an IRC server, but as always please make sure to protect yourself and others; we recommend you scan all computers utilizing the internet connection with an up-to-date Anti-virus program. Verify your anti-virus software is up to date before scanning as some malware is known to tamper with or disable anti-virus software on the infected system. Also ensure your operating system has all necessary updates from the manufacturer.

If your computer meets the minimum requirements you can install the AT&T Internet Security Suite - Powered by McAfee. If your computer does not meet the minimum requirements you will need to obtain comparable software through an alternate means. Instructions on downloading and installing the AT&T Internet Security Suite - Powered by McAfee can be found here:
http://helpme.att.net/article.php?item=12149

Below are some additional sites you can visit for tools or information:

AT&T PC Health Check - Online virus,malware and spyware scan.
https://pccheck.att.com/index.aspx?RID=AG

Microsoft Systems Anti-virus:
http://www.microsoft.com/security_essentials/

Microsoft Malicious Software Removal Tool:
http://www.microsoft.com/security/malwareremove/default.aspx

Apple Systems Anti-virus:
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

We also recommend you run anti-spyware application, like Malwarebytes or Spybot:
http://malwarebytes.org/mbam.php
http://www.safer-networking.org/en/index.html

Customers with a wireless modem/router should check to make sure security is enabled.

If you need help with virus, malware or spyware removal, please contact your current Anti-virus provider or call your current security PC specialist.


We welcome feedback on what removal tool or method was used to clean or secure your system(s).

AT&T Internet Services Security Center
abuse@att.net


SAFETY NOTE: We have included links in this email as a convenience. Please note that it is always safer to copy and paste URLs included in email directly into your browser to reach the referenced site.


Other users I have spoken to about this have had similar responses, with some having this added:


In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.”
In any case I have now configured my client to use SSL and am also looking into Tor for IRC.. for privacy... let's see if I get any more... notices

CharlesA
July 10th, 2012, 09:56 PM
Nice email.

SSL ftw!

SeijiSensei
July 11th, 2012, 05:15 AM
Where was the "I use Linux, and I know what I am doing" option?

Frankly I'd imagine any ordinary user who got this message would have absolutely no idea what it's about. Take this paragraph for instance:


IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots on a host or an attempt to subvert security restrictions for a network.

"Backdoor trojans?" Are they asking about condom use? "Bots?" What's a "bot?"

On the other hand, the message suggests they aren't sending this to anyone who uses IRC, just people who have machines running IRC connections on non-standard ports. Also there's this curious statement:


Our investigation shows the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network, sometimes known as a Botnet.

Does that mean they have evidence that your computer was sending IRC traffic to a known botnet? If so, I'd like to be notified of that myself. If it just means that you ran an IRC connection on a non-standard port, that's a different matter.
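
Added example, not part of any post in this thread and not AT&T's actual detection logic: Python that separates the two cases distinguished above, IRC seen on a non-standard port versus IRC to a host on a botnet blocklist. The port set, the blocklist entry and the flow records are constructed assumptions.

```python
import re

# Ports commonly used by IRC (plaintext 6660-6669 and 7000, TLS 6697).
# Assumption: the notice does not say which ports AT&T treats as normal.
STANDARD_IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed stand-in for a botnet command-and-control blocklist
# (RFC 5737 documentation address, not a real indicator).
KNOWN_C2_HOSTS = {"203.0.113.50"}

# IRC client commands at the start of a line, with an optional ":prefix ".
IRC_LINE = re.compile(rb"^(?::\S+ )?(NICK|USER|JOIN|PRIVMSG|PING|PONG) ", re.M)

def looks_like_irc(payload: bytes) -> bool:
    """True if two or more distinct IRC commands open lines in the first 512 bytes."""
    return len({m.group(1) for m in IRC_LINE.finditer(payload[:512])}) >= 2

def classify(flow: dict) -> str:
    """Label one flow; a blocklist hit outranks the port-based heuristic."""
    if not looks_like_irc(flow["payload"]):
        return "not_irc"
    if flow["dst_ip"] in KNOWN_C2_HOSTS:
        return "irc_to_listed_host"
    if flow["dst_port"] not in STANDARD_IRC_PORTS:
        return "irc_nonstandard_port"
    return "irc_standard_port"

# Constructed sample flows (first payload bytes of each outbound connection).
SAMPLE_FLOWS = [
    {"dst_ip": "192.0.2.10", "dst_port": 6667,
     "payload": b"NICK prime\r\nUSER prime 0 * :Prime\r\nJOIN #ubuntu\r\n"},
    {"dst_ip": "198.51.100.7", "dst_port": 8080,
     "payload": b"NICK x1\r\nUSER x1 0 * :x1\r\n"},
    {"dst_ip": "203.0.113.50", "dst_port": 6667,
     "payload": b"NICK a9f3\r\nUSER a9f3 0 * :a\r\nJOIN #c\r\n"},
    {"dst_ip": "192.0.2.80", "dst_port": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"},
]

def report(flows=SAMPLE_FLOWS):
    """Return (dst_ip, dst_port, label) for every flow, in input order."""
    return [(f["dst_ip"], f["dst_port"], classify(f)) for f in flows]

if __name__ == "__main__":
    for row in report():
        print(*row)
```

Only the third label reflects evidence about the destination; the second reflects the port alone, which is why the two readings of the notice call for different responses.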

CharlesA
July 11th, 2012, 05:20 AM
Seiji, I think you hit it on the head. A "normal user" wouldn't have any idea what most of that means. "botnet" or "backdoor" might even seem like buzzwords to get them to buy something.

sffvba[e0rt
July 11th, 2012, 10:22 AM
I don't get all the negativity from users about this. AT&T has a valid reason for concern and is adding value to the service they offer. +1 to AT&T and if it helps to make one user get rid of something nasty sending out spam or doing DDOS from their machine I say awesome!


404

nothingspecial
July 11th, 2012, 10:28 AM
I don't get all the negativity from users about this. AT&T has a valid reason for concern and is adding value to the service they offer. +1 to AT&T and if it helps to make one user get rid of something nasty sending out spam or doing DDOS from their machine I say awesome!


404

+1


We realize in some cases this may be normal activity

papibe
July 11th, 2012, 10:43 AM
Since I'm a normal AT&T DSL client, I got a little more curious,

@Primefalcon: What kind of account do you have with AT&T?

Regards.

3rdalbum
July 11th, 2012, 12:30 PM
Be aware that some IRC servers do port scans on users, apparently to check that the users aren't running insecure machines. Hmm. Don't know if that's legit, but some servers DO that and claim that's the reason.

Perhaps the IRC connection, plus the port scan, raised some flags at your ISP.

Primefalcon
July 11th, 2012, 02:28 PM
Since I'm a normal AT&T DSL client, I got a little more curious,

@Primefalcon: What kind of account do you have with AT&T?

Regards.
phone and internet (dsl high speed).