Found, a new rootkit

Jacques B. jjrboucher at gmail.com
Fri Mar 31 19:08:52 UTC 2006


> > We've cut our bandwidth use in half by getting rid of that.  We also
> > checked the logs and added several dozen more addresses
> > to /etc/hosts.deny, including many script based password guess attempts
> > that didn't get in.  And put portsentry in its most paranoid anal mode
> > with a few additions yet.

Might have been set up to host a botnet.  A hacker will set up a rogue
IRC server and then point his army of infected bots to it for
instructions.  So you'll find a channel with thousands of users in a
room, but nobody talking.  What you have are all infected machines
monitoring the channel for commands from the hacker.  This gives the
hacker a few layers of protection, so he is very, very difficult to catch.
They use these botnets to distribute spam, launch DDoS, or whatever
else their imagination can come up with.  Either of those would
contribute to an increase in bandwidth usage.

Jacques B.



