Are chickens hacking?
By jd on Tuesday, March 18 2008, 10:01 - Internet
I was just taking a look at the #awesome IRC stats, and I saw that there was huge traffic 2 days ago. That was weird, so I took a look at my log files. And yes, in fact, something happened.
At 03:26 GMT+1, suddenly, several hundred users joined the channel in something like 1-2 minutes, and then left within the same time frame. Some minutes after that, some guys began to talk with one of the real awesome users who was hanging out there.
It seems that these guys describe themselves as a "Turkey Hack Team".
I've seen a lot of hacked boxes in my (short) sysadmin life. Many of my customers have no idea what security is, and this week I'm still working for a customer with a hacked box.
And one of the things I never got was why all these "hackers" were downloading and installing an IRC bot or IRC proxy on these compromised boxes. I say "hackers" with big quotes, because when I see in their command line history things like "rm .bash_history; logout" or "./exploit_of_dead_to_become_root" when the user whose password they got has sudo rights, I must laugh.
Now, I understand: it seems they are doing some sort of "parade", making all their bots join an IRC channel and then leave. That's so amazing that I can say for sure: if I were a chick, I'd be stripping my shirt vehemently.
But the thing is that so far I've no idea if a turkey hack team is somehow related to chickens.
Comments
Not using sudo makes sense; if you don't already have root, no way exists to find out if you can sudo that won't generate a mail to the sysadmin if you can't, short of grepping .bash_history for "sudo". Even then, many people have sudo configured to require a password.
sudo -l
does not send mail
ahem... isn't it stupid to have a control system to send a mail to sysadmin if someone tries and fails to 'sudo' and have the option to not do it? :-$
No, sudo is not an IDS.