We here a lot about the rise of organized crime and the sophistication of the attackers. While this is true, in many cases I still see amateurish type attacks.

While reviewing an IPS I found the following messages. IPS still provides a great way to detect bot-nets and while there is an obvious problem on this network these IRC connections are being blocked by the IPS.

An interesting article related to this can be found here.

IRC Messages

:nick					:msg
#usb					Infected usb drive: E:

Interesting Nicknames to an IRC channel

VirUs-rigvgunl
VirUs-rflkbvny
VirUs-rexehaxz
VirUs-rcpcmobp
VirUs-rboinhcv
VirUs-raquheuv
VirUs-raozodkn
VirUs-racgucrn
VirUs-quyozuoc
VirUs-qufnunld
VirUs-msubtplz
[03|MEX|XP|981734]
[03|MEX|XP|444546]