Earlier this month, security staff at the Norwegian telco Telenor located and disabled a network of more than 10,000 zombie PCs. This network was what is known to hackers as a "botnet." Such networks of captive computers are created by worms and trojans that infect unprotected PCs; the captive machines can in turn be used to send spam and initiate distributed denial of service (DDoS) attacks. Spammers can use networks of compromised PCs to get around IP address blacklists. Often, as was the case with the Telenor botnet, compromised PCs are controlled across IRC (Internet Relay Chat) channels.
The clients of the Telenor botnet remain compromised, even though the controlling server has been taken out. The Internet Storm Center advises users who keep network traffic logs to check for connections from their network to the IRC server, which was listening on IP 203.81.40.172, TCP port 10009.
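
The log check advised above, as an added example that is not part of the original article: it scans firewall log lines for outbound TCP connections to 203.81.40.172 port 10009 and lists the internal hosts that made them. The netfilter-style `SRC=`/`DST=`/`PROTO=`/`DPT=` log format, the function name and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Indicator taken from the article: the botnet's IRC server.
C2_IP, C2_PORT = "203.81.40.172", "10009"

# key=value fields as written by Linux netfilter LOG (assumed log format).
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def find_c2_contacts(lines):
    """Return {src_ip: {"count", "first", "last"}} for TCP flows to the IRC server."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        f = dict(FIELD.findall(line))
        # Exact field comparison: a plain substring search would also match
        # look-alike addresses, other ports, or non-TCP traffic.
        if (f.get("DST"), f.get("PROTO"), f.get("DPT")) != (C2_IP, "TCP", C2_PORT):
            continue
        stamp = line[:15]  # syslog timestamp prefix, e.g. "Sep  7 02:14:09"
        rec = hits[f.get("SRC", "unknown")]
        rec["count"] += 1
        rec["first"] = rec["first"] or stamp
        rec["last"] = stamp
    return dict(hits)

# Constructed sample log lines (not from any real network).
PFX = "gw kernel: IN=eth1 OUT=eth0 "
SAMPLE = [
    "Sep  7 02:14:09 " + PFX + "SRC=192.168.1.23 DST=203.81.40.172 PROTO=TCP SPT=1045 DPT=10009",
    "Sep  7 02:15:30 " + PFX + "SRC=192.168.1.40 DST=203.81.40.172 PROTO=TCP SPT=1101 DPT=80",
    "Sep  7 02:19:41 " + PFX + "SRC=192.168.1.23 DST=203.81.40.172 PROTO=TCP SPT=1046 DPT=10009",
    "Sep  7 02:40:02 " + PFX + "SRC=192.168.1.77 DST=203.81.40.17 PROTO=TCP SPT=2210 DPT=10009",
    "Sep  7 02:58:55 " + PFX + "SRC=192.168.1.51 DST=203.81.40.172 PROTO=UDP SPT=3300 DPT=10009",
    "Sep  7 03:02:10 " + PFX + "SRC=192.168.1.51 DST=203.81.40.172 PROTO=TCP SPT=3301 DPT=10009",
]

if __name__ == "__main__":
    for host, rec in sorted(find_c2_contacts(SAMPLE).items()):
        print(f"{host}: {rec['count']} connection(s), "
              f"first {rec['first']}, last {rec['last']}")
```

Each host reported is a candidate for cleanup, since the article notes that the clients remain compromised even with the controlling server gone.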