False positive, irc.anonops-irc.org

[zappe]

02:45:02 zappe IP-BLOCK 193.169.86.77 (Type: outgoing, Port: 64033, Process: mirc.exe)

02:45:02 zappe IP-BLOCK 193.169.86.77 (Type: outgoing, Port: 64037, Process: mirc.exe)

14:45:04 zappe IP-BLOCK 94.102.55.74 (Type: outgoing, Port: 52823, Process: mirc.exe)

14:45:04 zappe IP-BLOCK 94.102.55.74 (Type: outgoing, Port: 52830, Process: mirc.exe)

[MysteryFCM]

This is not an F/P. Both MHost and Ecatel have a very very long history of housing malicious content and being "criminal friendly", and these IPs are no exception, given their relation to "Anonymous".

[joepie91]

This is not an F/P. Both MHost and Ecatel have a very very long history of housing malicious content and being "criminal friendly", and these IPs are no exception, given their relation to "Anonymous".

With all due respect, but are you even aware of what Anonymous is? Contrary to what many media outlets are (incorrectly) reporting, it is not a terrorist group, nor a group of criminals.

[MysteryFCM]

I know exactly what they are, and there's no way I'm getting into that here.

[tedivm]

In the past that IP address has been used to push malware, hence why it is on our block list. I've made sure that our researchers are aware of this false positive report, and they will look into it in order to make sure malware is no longer being pushed from it. If that is the case then it should be removed from the list shortly.

In the mean time if you are using the latest version of MBAM you should be able to add an exception for that IP address, which in turn should let you reach the irc network.

[tedivm]

Additionally, I am pretty sure those IP addresses do not belong to anonymous. The domain irc.anonops-irc.org does not currently resolve to anything, and irc.anonops.net is on a completely different range of IP addresses.

[joepie91]

In the past that IP address has been used to push malware, hence why it is on our block list. I've made sure that our researchers are aware of this false positive report, and they will look into it in order to make sure malware is no longer being pushed from it. If that is the case then it should be removed from the list shortly.

In the mean time if you are using the latest version of MBAM you should be able to add an exception for that IP address, which in turn should let you reach the irc network.

I understand that the IP addresses might have a history, and of course it's possible that it takes a while to fix that (after all, we are all still just humans and things just take time to be done properly). Indeed the network appears to be on completely different IPs now, which is logical, seeing as leafs occasionally get replaced with other leafs due to the "fluid" nature of Anonymous.

My response was not so much aimed towards the malware entry itself, but rather towards the implication that Anonymous == criminals, which is completely incorrect, and to be honest quite offensive (being involved with it myself). Especially someone involved with malware detection and security should know better than to generalize Anonymous into a group of "cybercriminals", in my opinion.

[tedivm]

I understand that the IP addresses might have a history, and of course it's possible that it takes a while to fix that (after all, we are all still just humans and things just take time to be done properly). Indeed the network appears to be on completely different IPs now, which is logical, seeing as leafs occasionally get replaced with other leafs due to the "fluid" nature of Anonymous.

My response was not so much aimed towards the malware entry itself, but rather towards the implication that Anonymous == criminals, which is completely incorrect, and to be honest quite offensive (being involved with it myself). Especially someone involved with malware detection and security should know better than to generalize Anonymous into a group of "cybercriminals", in my opinion.

Saying it isn't correct, well, isn't 100% correct itself either. Anonymous isn't good or bad, but the people who are anonymous can certainly be either. Anonymous doesn't have any spokespersons and doesn't have any rules. One group of people can take on a cause- such as Scientology, the defense of Bradley Manning, or the mirroring of Wikileaks- while a completely separate but still Anonymous group can invade boards, hack into and defame websites, or make people's lives a living hell. Sometimes Anonymous does things to make the world a better place, sometimes it does it for the lulz.

While many people (myself included) see such illegal things like DDoS attacks as having potential uses for things like protests, certain actions (like hacking the emails of people opposed to them) are very obviously criminal. If you look at the DDoS policy itself of Anonops-

Discussion of DDoS programs (LOIC, *loris for example) is permitted on our main network as we see it as a genuine form of protest. Such discussions do not contravene our hosts' terms of service. We currently do not permit LOICs to connect to our main network via hivemind, however, there are hosts on our network that do allow them as there is no penalty in their jurisdiction for this kind of client. loic.anonops.in will resolve to one of these hosts.

right there it is admitted that, in many jurisdictions, the actions they take are illegal. More importantly, they have special hosts setup in datacenters that specifically allow this type of behavior. By definition, doing things that are illegal make you a criminal, and without arguing the ethics or morals of it (which are an entirely different matter), I think it's safe for us all to admit that anonymous doesn't shy away from actions due to the legality.

Here is where the problem lies- Anonymous is just one small, tiny user at this datacenter. It doesn't matter that the actions of anonymous may be more protest than crime. In order for this datacenter's whole model of "bulletproof hosting" to work they need many more clients who have reason to fear law information. An incredibly large number of these other clients happen to be pushing malware, some are running CnC hubs for malicious botnets, others are used to dump stolen financial data. These are the things we want to protect our clients from, and that is why their IP addresses could have been added to our blacklist.