It looks like Time Warner is hijacking DNS servers for a handful of IRC servers. They are pushing these infected clients to a redirect that runs a script. The script logs them into an irc channel and issues scripts and commands to clean the zombies. Obviously this is their response to botnet traffic that sucks up their bandwith. Is this legal?? I guess you have to fight fire with fire right... Zombies hate fire :)
"It looks like TimeWarner is taking
vigilante action on the botnet problem. They've hijacked DNS for a few IRC
servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet.
(irc.vel.net was hijacked earlier but has been restored.) Using
ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that
forces the user into a channel and issues a set of commands to clean the drones.
There have been different reports of other
IRC networks being hijacked and other DNS servers involved. Is this the
right way to handle the botnet problem? Is hijacking DNS legal?" [SlashDot] Original
Story - [Wired]
