Help getting rid of mass-joining drones

Help with EFnet related issues


Pickle
Posts: 3
Joined: Fri Jun 09, 2006 3:10 am

Postby Pickle » Fri Jun 09, 2006 3:29 am

Hi. Our channel has been getting mass-joined by a drone-net for a while now. The bots appear to mainly be running on irc.inter.net.il, irc.colosolutions.net, and irc.nac.net. A version invariably returns a reply of "Cottle Rocket v10.2". A partial list of some of the clients follows:

fourdogs (~fourdogs@I don't like)
birdflu (~birdflu@to read forum rules)
billary (~billary@I think that they)
nuggetz (~nuggetz@are for fools)
fishfood (~fishfood@Why should I bother)
algore (~algore@to listen to what they say?)
willyb (~willyb@I just want these drones)
dumper2 (~dumper@gone anyway.)
jerryg (~jerryg@So, someone, please help me)
pooter (~pooter@with some lines that are K, X or D.)
buffalo3 (~buffalo@BURMA SHAVE)

Obviously these are open socks proxies.

Assistance in getting rid of these drones would be appreciated.
Pills
Forum Admin
Posts: 312
Joined: Wed Jul 02, 2003 1:14 pm
Location: Long Island, NY

Postby Pills » Fri Jun 09, 2006 1:25 pm

/stats p those servers, and message an active oper when they're on.
admin, irc.umich.edu
oper, irc.servercentral.net
Pickle
Posts: 3
Joined: Fri Jun 09, 2006 3:10 am

Postby Pickle » Mon Jun 12, 2006 1:47 am

Unfortunately that hasn't been working very well.

By the way, the botnet is currently mostly on nac.net and blackened.com, if anyone cares.
munky
Site Admin
Posts: 826
Joined: Wed Jul 02, 2003 4:54 pm
Location: Phoenix AZ

Postby munky » Mon Jun 12, 2006 12:09 pm

if they are obvious socks proxies, what port is the proxy on?

a few hosts appear in njabl, and a few in spamhaus, but none have SOCKS or HTTP proxies on any scanned proxy ports.
In God we trust,
Everyone else must have an X.509 certificate.
Pickle
Posts: 3
Joined: Fri Jun 09, 2006 3:10 am

Postby Pickle » Tue Jun 13, 2006 3:53 am

Well, I say "obviously" based on the fact that none of them ever have resolving identds, and that they are all clearly part of a single botnet (same odd version info, automated mass-joins day and night). I don't know what port(s) the socks proxies may be using, unfortunately. Since about half the mass-joiners make it past blacklists it certainly isn't any commonly-scanned ports. I guess it could just be a bunch of zombie machines that have been compromised in some other way, but the effect is the same.
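The three signals this thread relies on to tell the drones from real users (no identd, so the server prefixes the username with "~"; an identical odd CTCP VERSION reply across many clients; joins arriving in automated bursts) can be checked mechanically from a channel log. The script below is an added example, not something posted in the thread or shipped by EFnet. It assumes log lines of the form "<epoch seconds> <raw IRC line>", with CTCP VERSION replies delivered as NOTICEs; the hosts, timestamps, client string "ExampleClient 1.0" and the thresholds (5 joins in 60 seconds, 3 clients sharing a version string) are constructed for illustration.

```python
import re
from bisect import bisect_left
from collections import defaultdict

# Constructed sample log: "<epoch> <raw IRC line>". Nicks are borrowed from the
# thread; hosts, timestamps and the "ExampleClient" string are made up.
SAMPLE_LINES = [
    "1149830400 :alice!alice@198.51.100.7 JOIN #example",
    "1149830405 :alice!alice@198.51.100.7 NOTICE me :\x01VERSION ExampleClient 1.0\x01",
    "1149830600 :fourdogs!~fourdogs@203.0.113.10 JOIN #example",
    "1149830603 :birdflu!~birdflu@203.0.113.11 JOIN #example",
    "1149830607 :billary!~billary@203.0.113.12 JOIN #example",
    "1149830611 :nuggetz!~nuggetz@203.0.113.13 JOIN #example",
    "1149830614 :fishfood!~fishfood@203.0.113.14 JOIN #example",
    "1149830620 :fourdogs!~fourdogs@203.0.113.10 NOTICE me :\x01VERSION Cottle Rocket v10.2\x01",
    "1149830621 :birdflu!~birdflu@203.0.113.11 NOTICE me :\x01VERSION Cottle Rocket v10.2\x01",
    "1149830622 :billary!~billary@203.0.113.12 NOTICE me :\x01VERSION Cottle Rocket v10.2\x01",
    "1149830623 :nuggetz!~nuggetz@203.0.113.13 NOTICE me :\x01VERSION Cottle Rocket v10.2\x01",
    "1149830624 :fishfood!~fishfood@203.0.113.14 NOTICE me :\x01VERSION Cottle Rocket v10.2\x01",
    "1149831300 :bob!~bob@192.0.2.9 JOIN #example",
    "1149831305 :bob!~bob@192.0.2.9 NOTICE me :\x01VERSION ExampleClient 1.0\x01",
]

# "<epoch> :nick!user@host COMMAND rest" (assumed log format)
LINE_RE = re.compile(r"^(\d+) :([^!\s]+)!([^@\s]+)@(\S+) (JOIN|NOTICE) (.*)$")
# CTCP replies are wrapped in \x01 delimiters inside the NOTICE text.
CTCP_VERSION_RE = re.compile(r"\x01VERSION ([^\x01]*)\x01")


def parse_line(line):
    """Return a dict describing one JOIN or NOTICE event, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, nick, user, host, cmd, rest = m.groups()
    event = {"ts": int(ts), "nick": nick, "user": user, "host": host, "cmd": cmd}
    if cmd == "NOTICE":
        v = CTCP_VERSION_RE.search(rest)
        event["version"] = v.group(1) if v else None
    return event


def flag_clients(lines, window=60, join_threshold=5, shared_threshold=3):
    """Map each nick to the sorted list of drone heuristics it trips."""
    events = [e for e in map(parse_line, lines) if e]
    flags = defaultdict(set)

    # Heuristic 1: no identd answer. ircd marks this by prefixing the user with "~".
    for e in events:
        if e["user"].startswith("~"):
            flags[e["nick"]].add("no_identd")

    # Heuristic 2: mass-join burst. Any join that is the join_threshold-th (or later)
    # within `window` seconds tags every join in that window.
    joins = sorted((e["ts"], e["nick"]) for e in events if e["cmd"] == "JOIN")
    times = [t for t, _ in joins]
    for i, (t, _) in enumerate(joins):
        j = bisect_left(times, t - window)  # first join still inside the window
        if i - j + 1 >= join_threshold:
            for _, nick in joins[j:i + 1]:
                flags[nick].add("mass_join")

    # Heuristic 3: the same CTCP VERSION string coming back from many distinct nicks.
    by_version = defaultdict(set)
    for e in events:
        if e.get("version"):
            by_version[e["version"]].add(e["nick"])
    for nicks in by_version.values():
        if len(nicks) >= shared_threshold:
            for nick in nicks:
                flags[nick].add("shared_version")

    return {nick: sorted(f) for nick, f in flags.items()}


def suspects(lines, min_flags=2, **kw):
    """Nicks tripping at least min_flags heuristics; one alone (e.g. no identd) is weak."""
    return {n: f for n, f in flag_clients(lines, **kw).items() if len(f) >= min_flags}


if __name__ == "__main__":
    for nick, why in sorted(suspects(SAMPLE_LINES).items()):
        print(f"{nick}: {', '.join(why)}")
```

A single missing identd proves nothing (bob trips only that check and is not reported), which is why the report requires at least two independent signals; the output is a list of nick/host pairs and the reasons, suitable for handing to an oper as described above rather than for acting on automatically.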
