Spam Advertising IRC Networks.
So I decided to check my email and I see 2 emails with "Welcome to our IRC !" as the subject line. I figure I might as well check it out and this is the body of the email (both had the same body):
Hi
Welcome to our new IRC net ! irc.dogm.net:6667
Join to channel #help . First 5 newcomers will get channel operator status!
Also visit our website http://dogm.net
This is not a spam.
Regards,
Julia
The mail header is:
Return-Path:
Delivery-Date: Mon, 08 Jan 2007 14:36:58 -0500
Received-SPF: none (mxus5: 85.195.49.18 is neither permitted nor denied by domain of voila.fr) client-ip=85.195.49.18; envelope-from=Darrin@voila.fr;
helo=user18.85-195-49.netatonce.net;
Received: from [85.195.49.18] (helo=user18.85-195-49.netatonce.net)
by mx.perfora.net (node=mxus5) with ESMTP (Nemesis),
id 0MKpyh-1H40Ih1ElB-0006Jp for me@myemailg; Mon, 08 Jan 2007 14:36:57 -0500
Message-ID: <68F47862.8489292@voila.fr>
Date: Mon, 8 Jan 2007 20:36:56 +0100
From: Roberta
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: me@myemailg
Subject: Welcome to our IRC !
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Envelope-To: me@myemail
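The header above can be checked mechanically for the mismatches that mark it as bulk mail. The following is an added example, not part of the original post: it parses the fields exactly as shown on this page and lists where the envelope sender, the HELO name and the From line disagree. The function names `spf_fields` and `review` are hypothetical.

```python
import re
from email import message_from_string

# Header fields copied from the message on this page; the From line has no
# address because the page does not show one.
RAW_HEADER = """\
Received-SPF: none (mxus5: 85.195.49.18 is neither permitted nor denied by domain of voila.fr) client-ip=85.195.49.18; envelope-from=Darrin@voila.fr;
 helo=user18.85-195-49.netatonce.net;
Received: from [85.195.49.18] (helo=user18.85-195-49.netatonce.net)
 by mx.perfora.net (node=mxus5) with ESMTP (Nemesis),
 id 0MKpyh-1H40Ih1ElB-0006Jp for me@myemailg; Mon, 08 Jan 2007 14:36:57 -0500
Message-ID: <68F47862.8489292@voila.fr>
From: Roberta
Subject: Welcome to our IRC !

"""

def spf_fields(value):
    """Return the SPF result word and the key=value pairs that follow it."""
    result = value.split(None, 1)[0].lower()
    return result, dict(re.findall(r"([\w-]+)=([^;\s]+)", value))

def review(raw):
    """List the inconsistencies between the envelope, HELO and From fields."""
    msg = message_from_string(raw)
    result, spf = spf_fields(msg["Received-SPF"])
    ip, helo = spf["client-ip"], spf["helo"].lower()
    local, _, domain = spf["envelope-from"].lower().rpartition("@")
    findings = []
    if result != "pass":
        findings.append(f"SPF result '{result}': {domain} does not vouch for {ip}")
    if not (helo == domain or helo.endswith("." + domain)):
        findings.append(f"HELO {helo} is outside the envelope domain {domain}")
    # Access-pool (dial-up/DSL) host names often embed the client's own octets.
    if sum(o in re.split(r"\D+", helo) for o in ip.split(".")) >= 3:
        findings.append(f"HELO embeds {ip}: named like an access-pool host")
    if local not in msg["From"].lower():
        findings.append(f"envelope sender '{local}' differs from From '{msg['From']}'")
    return findings

if __name__ == "__main__":
    for line in review(RAW_HEADER):
        print("-", line)
```

On this header all four checks fire: the message claims voila.fr in the envelope and Message-ID, but arrived directly from a netatonce.net client host under a third name.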
So I decide to join the server and see what's on it:
*o* Connecting to port 6667 of server irc.dogm.net [refnum 2]
[tolcom] *** Looking up your hostname...
[tolcom] *** Found your hostname (cached)
[tolcom] *** If you are having problems connecting due to ping timeouts,
please type /quote pong 98628AB1 or /raw pong 98628AB1 now.
[tolcom] *** You connected on 6667 port. Using CP1251 translation scheme as
default.
*o* BitchX: For more information about BitchX type /about
*o* Welcome to the Dogm Network IRC Network
me!me@myip
*o* Your host is irc.tolcom.ru, running version Unreal3.2.3-rus.dogm
*o* This server was created Tue Nov 7 2006 at 11:48:23 SAMT
*o* irc.tolcom.ru Unreal3.2.3-rus.dogm iowghraAsORTVSxNCWqBzvdHtGpZ
lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj
*o* SAFELIST HCN MAXCHANNELS=20 CHANLIMIT=#:20 MAXLIST=b:60,e:60,I:60
NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307
MAXTARGETS=20 WALLCHOPS WATCH=128 :are supported by this server
*o* SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+
CHANMODES=beI,kfL,lj,psmntirRcOAQKVGCuzNSMTG NETWORK=Dogm-Network
CASEMAPPING=ascii EXTBAN=~,cqnr ELIST=MNUCT STATUSMSG=~&@%+ EXCEPTS
INVEX CMDS=KNOCK,MAP,DCCALLOW,USERIP are supported by this server
*o* [local users on irc(64)] 3%
*o* [global users on irc(266)] 13%
*o* [invisible users on irc(1822)] 87%
*o* [ircops on irc(9)] 0%
*o* [total users on irc(2088)]
*o* [unknown connections(1)]
*o* [total servers on irc(66)] (avg. 31 users per server)
*o* [total channels created(928)] (avg. 2 users per channel)
*o* Current Local Users: 64 Max: 76
*o* Current Global Users: 2088 Max: 2521
*o* CP1251 is now your translation scheme(from me)
*o* Mode change [+ix] for user me
*o* Closing Link:
me[myip]
hub1.dogm.net (Please connect to the irc.prioz.ru and join #help for
more information. Thanks. )
*o* Connection closed from irc.dogm.net: Unknown error: 0
Alrighty, so let's try out irc.prioz.ru:
*o* Connecting to port 6667 of server irc.prioz.ru [refnum 3]
[prioz] *** Looking up your hostname...
[prioz] *** Couldn't resolve your hostname; using your IP address instead
[prioz] *** You connected on 6667 port. Using CP1251 translation scheme as
default.
*o* BitchX: For more information about BitchX type /about
*o* Welcome to the Dogm Network IRC Network me!me@myip
*o* Your host is irc.prioz.ru, running version Unreal3.2.3-rus.dogm
*o* This server was created Thu Aug 18 2005 at 19:10:48 MSD
*o* irc.prioz.ru Unreal3.2.3-rus.dogm iowghraAsORTVSxNCWqBzvdHtGpZI
lvhopsmntikrRcaqOALQbSeIKVfMCuzNTGj
*o* CMDS=KNOCK,MAP,DCCALLOW,USERIP SAFELIST HCN MAXCHANNELS=20 CHANLIMIT=#:20
MAXLIST=b:60,e:60,I:60 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307
KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 WALLCHOPS :are supported by
this server
*o* WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+
CHANMODES=beI,kfL,lj,psmntirRcOAQKVGCuzNSMTG NETWORK=Dogm-Network
CASEMAPPING=ascii EXTBAN=~,cqnrs ELIST=MNUCT STATUSMSG=~&@%+ EXCEPTS
INVEX are supported by this server
*o* CALLERID are supported by this server
*o* [local users on irc(29)] 1%
*o* [global users on irc(268)] 13%
*o* [invisible users on irc(1820)] 87%
*o* [ircops on irc(8)] 0%
*o* [total users on irc(2088)]
*o* [unknown connections(0)]
*o* [total servers on irc(66)] (avg. 31 users per server)
*o* [total channels created(933)] (avg. 2 users per channel)
*o* Current Local Users: 29 Max: 151
*o* Current Global Users: 2088 Max: 2521
*o* CP1251 is now your translation scheme(from me)
*o* Mode change [+ix] for user me
-Global(services@services.dogm.net)- [=ePe+>n - +oP 08 2006] +Pauao-*o
UeOntePa>oO# +o># DogmNet, ZO* +a+ *abe>a*> |e>e-paOo*o* (
http://faces.dogm.net ), pZo +* -euo>o ab+eO*>oe bo+UOa>oe
*at-o+>#>n +Pe# (a -euo> # oo +Pe#
|e>ep*a|##, a >a0 uo |e*< -
+o># ( http://forum.dogm.net ) o+O# +a =a>a oo ZO* Pa+ # Pa-
|e=o>+* oo>e*eUO#Pepe eb*oo#*.
-Global(services@services.dogm.net)- [=ePe+>n - +*O 17 2006] +Pauao-*o
UeOntePa>oO#, P +o># DogmNet ZoO+>P< *>: =ePe+>oeO 0aoaO #news |
0aoaO 0e-Un*>o*oeO Ue-e*# #pc4all | *atPOo0a>oOno*o 0aoaO*: +oo0Ze>*
- #Anekdot , P#0>e*#o* - #Viktorina # #BuKTOPuHA , 0aoaO* On-line
RPG #p*: +*oo* - #fights # #combat , 0aoaO tabaPoeO #p** #idle,
+a|#* - #mafion , +oap*a--* - #Svalka , +#+o>oPa* #p*a
#armageddon # #fightworld !
-Global(services@services.dogm.net)- [=ePe+>n - +oo 01 2006] +Pauao-*o
UeOntePa>oO#, ZO* e>0O*=oo#* aP>eP|eZa oa 0aoaO Ue U*#pOa*oo#*
(INVITE) Ze+>a>e=oe PPo+># "/ajinvite off" (a0>eOn0e ZO*
UeOntePa>oOoO #+UeOnt< **#| mIRC). C +Pauoo#o-, +Z-#o#+>*a/#* +o>#.
-Global(services@services.dogm.net)- [+O< =aOoa* oePe+>n - -o0 21 2005] + Pa+
o+>n PeU*e+* Ue unix-+#+>o-a-? +b*a*aO>o+n oa #unix || ++>n PeU*e+*
Ue PHP/bata- Zaoo*|, etc.. ? -eb*e UeuaOePa>n oa #php
[prioz] Setting/removing of usermode(s) 'ws' has been disabled.
I'm guessing the "random" text actually says something but I don't have the correct language packs. After reconnecting using XChat instead of BitchX I could read the Global messages:
-Global- [ - 08 2006] DogmNet, - ( http://faces.dogm.net ), (
, ( http://forum.dogm.net ) .
-Global- [ - 17 2006] , DogmNet : #news | #pc4all | : - #Anekdot , - #Viktorina #BuKTOPuHA , On-line RPG : - #fights #combat , #idle, - #mafion , - #Svalka , #armageddon #fightworld !
-Global- [ - 01 2006] , (INVITE) "/ajinvite off" ( mIRC). C , .
-Global- [ - 21 2006] DogmNet, SMS - #smski, SMS - , !
A user list of the #help channel that they suggested I join displays the following users:
#help ME H ME@MyIP (Me)
#help _PATR1OT_ Hr FORCE@10.10.3.46 (--#>*#O +.)
#help Luciferrum H chatzilla@A98E0AC0.1A9C8D19.BBB32C2.IP (New Now Know How)
#help dsfgdf H dron@*-FCF1E145.beelinegprs.ru (dron)
#help Camypau Hr avolution@172.18.88.148 (-=C@myp@U=-)
#help Twiik Hr ~>-a@F31F6A99.3B26E0E.149A40B0.IP (a*>+-)
#help Ghotrix Hr other@irc.galich.cis (men)
#help Gillette Hr egaming@*-FE7AEC34.lsk (egamingGellette)
#help Neckromant Hr wow99@B7AB8DE6.AF153191.EDA58A93.IP (+e*#+)
#help Fara_4323 Hr Fara_31@193.27.206.46 (Farhod)
#help LeXX Hr nIRCuser@10.10.1.48 (_)
#help Jurik_net H eMircGame4@99A8BDAF.A0FDDE34.22041A03.IP (Jurik)
#help Krol Hr~ h4x0r@only.few.of.mere.mortals.may.try.to.enter.the.twilight.zone (Network Developer)
#help GoGGi Hr Miranda@AtcckySaS.f2irc.org (wheee)
#help oxothuk Hr sss@*-BAC33505.dsl.kc.ru (sss)
#help wibble H jt@75FF3D8E.AF3C5B97.117E05AC.IP (James Taylor)
#help #o*o
#help -*Zn0a-+a* Hr mIrcGame5@192.168.32.171 (GP)
#help mrScamp Hr sasha@home.sasha.rv.ua (+a*a +a*/#o*0)
#help [F-1]MiLLe Hr+ abuse@97A5C595.375E4F48.149A40B0.IP (+* =>e->e #*o*n
><>?)
#help MaMaNtEnOk Hr lamak@172.16.3.46 (-#-a+)
#help Vikki|away Gr ~postn@ircop.dogm.net (Vikki)
#help ^SiMs^ Hr simshitman@192.168.22.37 (SeMeHbI44444444)
#help Skrait Hr ExCluSiVe2@*-5FF0B309.lsk (AleX.)
#help cahek Hr cahek@F0ED2871.F780ED1F.E77C606C.IP (cahek)
#help +0>0o4 Hro4 aol@helpteam.dogm.net ( h4ck)
#help _eXtremal_ Hr+ eXtremal@13158A7D.2BB6406.149A40B0.IP (+On*)
#help P Hr sex@co-admin.helpteam.dogm.net (HelpTeamO [helper])
#help K4d1er Hr ~kUHD76@K4d1er.sigma.rgn (K4d1er)
#help [Watercool Gr clr@nc-admin.dogm.net (-)
#help +u0a[Ze-a] Hr wild@egikoff.net (|#*=aO0a)
#help Klyde Hr+ MASTER@D4346125.267EE678.149A40B0.IP (Apprintice)
#help G Hr+ root@helpteam.dogm.net (David)
#help t0rr Hr AOE@t0rr.from.Emerald.service (GP)
#help Sovet Hr Sovet@192.168.87.91 (Sovet)
#help ddd[TeJIa_ G% ddd@ddd.helpteam.dogm.net (ddd)
#help _Gr3h0ff_ Hr 9999@netadmin.dogm.net (The Wanderer 0f Eternity)
#help d3m0n Grn d3m0n@demon.helper.dogm.net (Alexander G.)
#help X H& security@security.net (Secure Bot)
#help v Gr vir@would.you.want.to.suck.my.dick (Vladimir)
#help ][ShadoW][ Gr Shadow@uman.ultra.ck.ua (Shadow)
#help RealJhad H user@AF7F59B4.71C177C9.3E9E5A25.IP (Lucy)
#help SeenServ H+ ss@seenserv.dogm.net (SeenServ)
#help HelpBot HrB HelpBot@helpbot.dogm.net (HelpTeam Bot)
At first I thought this was going to be rather interesting... perhaps they had exploits for various IRC clients on connect or something of the sort. Apparently they are legitimately just spamming their IRC server to advertise it, unless I missed something (due to lack of access to mIRC and other Windows-based clients). So if anyone knows anything else, let me know.
Peace,
HT
