Local Internet Service Provider Jaring stated up to 38 local servers, mostly in universities and government organizations, and an estimated 30 foreign servers were compromised by the hackers.
"We managed to contact the owners of all these (local) servers to secure and stop them from being abused further," said Dr Mohamed Awang-Lah, vice president Mimos Berhad, the operator of Jaring, in a statement.
The statement did not clarify whether the hackers had been specifically tracked down or hauled up.
However, 14 Jaring subscriber accounts had been suspended, and warnings via email were issued to 160 dial-up subscribers, of which 146 were personal accounts and 14 corporate accounts.
"Attempts were also made to contact them by telephone, and we have so far received 26 replies and explanations. Users who continue to abuse or fail to respond within one week of issuance of notice may get their accounts terminated or suspended. Further investigations are still being carried out on all other abused accounts," he said.
Of the 38 compromised local servers, 18 were in nine different educational institutions, 16 in six government organizations and four were in three private companies.
"We have reasons to believe that at least 30 more servers in foreign countries have been used for the same purpose by the same group," he added.
Dr Mohamed stated that all the compromised servers detected so far were hacked using "well known methods."
He appealed to all IT managers and administrators in local private and public universities and government departments to review their IT policies and "take immediate action" to check and secure their networks.
"We would like to stress that all these security problems are due to operational and management weaknesses and not technology issues," he said.
He advised IT managers and administrators to take note of established techniques on how to protect their servers and directed them to some guidelines available through the local Internet security watchdog MyCERT's Web site.
Dr Mohamed also reminded individual Internet users to protect their PCs in order to avoid being used as launching pads by irresponsible parties.
Jaring managed to identify the compromised servers from daily abuse reports provided by the Undernet.org, a popular Internet Relay Chat (IRC) network, which has 41 servers worldwide.
Last month, the Undernet.org conditionally banned all Malaysian users from accessing its network after overwhelming abuses and claims of lack of response from the local ISPs for over two years.
The ban on Jaring, which has about 200,000 subscribers, was lifted on August 20 after it agreed to take action on the abuse complaints. Jaring maintains it was never contacted by the Undernet.org prior to the ban on August 16.
Since the ban, however, Dr Mohamed states the ISP has opened "direct communication channels" between the Undernet administrators and both the Jaring abuse team and MyCERT.
The Jaring statement included a daily record of abuse received from August 22 to September 15, totalling 2,360 incidents from Undernet.org.
The majority of the abuses were of insecure proxy servers and cloning. Insecure proxies allow unauthorized third parties to use servers for abuse purposes, while cloning is when a user establishes more than two chat clients from the same computer.
Jaring has also received a "first batch" of abuse listing from the Undernet.org of 38,323 abuse incidents recorded from January 5 to August 15 this year.
Besides cloning and insecure proxies the other abuses involved flooding, harassing and attacking other chat sessions.
Meanwhile, TMnet the other local provider whose users were permanently banned the since September 5, stated it was still appealing the ban and invites the Undernet.org "to have a discussion to resolve the issue soon."
Abdul Majid Abdullah acting COO of Telekom Multimedia, which runs TMnet, said he was "distressed" by the 20 to none unanimous vote by the Undernet administrators for the ban.
"The statement that the banning was due to 'lack of communication or cooperation from TMnet' is very stiff. We regret the perception on the statement for it is in our best interest to look after not only business relationships but the reputation of TMnet users and Malaysian Internet users as a whole," he said.
On its part, he said, TMnet had met the representatives of the Communications and Multimedia Commission, Mimos and MyCERT and agreed to share the "blacklist" of abusers.
It also agreed to prepare a unified Internet Code of Practice to educate users and curb further abuse. On September 7 it issued a stern warning via e-mail to all its users against the abuse.
