Network Security Incidents
Odd identd behavior

Subject: Odd identd behavior
Date: Thu, 10 Nov 2005 17:39:50 -0800
While going through logs, and looking at mail server ident daemon replies that don't fit the RFC-1413 standard, I noticed the following string from a few servers:

"220 ..:: €lit€-Cr€w Rulez ::..."

Looks to me like this group has been compromising mail servers, and then instead of taking them down, lets them continue running, although with a slight modification. They probably siphon off a copy of all email transiting their servers as well, although without access to any of these servers, I can't tell.

Interesting to note, if you send 2 ident requests, the second one comes back as:

"220 ..:: €lit€-Cr€w Rulez ::....530 Not logged in..."

This leads me to believe this is the backdoor into these mail servers; after all, if you're trying to hide a backdoor from port scans, or dealing with stringent firewall rules, subverting an existing listening process is a smart way to do it.

I have not notified the 0wned sites, mostly because I'm not really sure what to do there. I can't email them, which means I have to attempt to find a contact, and then call them. Then of course, the person I manage to get a hold of needs to understand what I'm trying to say, and I have to hope they don't then try and email someone telling them that they have been compromised, thereby letting the attackers know.

I'm curious as to whether anyone else has seen ident replies like this.

Thanks,
Mike
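The anomaly Mike describes is easy to triage mechanically: an RFC 1413 reply has a fixed grammar (`<server-port> , <client-port> : USERID : <opsys> : <user-id>` or `<server-port> , <client-port> : ERROR : <error-type>`), so anything a logging mail gateway records from port 113 that does not parse as one of those two forms deserves a closer look. The numeric prefixes in the quoted strings (220, 530) belong to a different protocol family's status-line style and are not ident grammar at all. The following Python checker is an added example, not code from the post or from the list archive; the hostnames and the USERID/ERROR sample replies are constructed (the USERID line is the illustrative reply from RFC 1413 itself), and the two anomalous strings are the ones quoted in the post.

```python
import re

# Simplified RFC 1413 reply grammar. Ports are decimal, 1..65535.
# <rest> is either "<opsys> : <user-id>" (USERID) or "<error-type>" (ERROR).
_IDENT_RE = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$"
)

# Error types named by RFC 1413; an "X..." token is a permitted extension.
_ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


def classify_ident_reply(reply: str) -> dict:
    """Parse one identd reply line and say whether it conforms to RFC 1413.

    Returns a dict with "ok" (bool) and "kind" ("userid", "error" or
    "malformed"), plus parsed fields or a "reason" explaining the rejection.
    """
    line = reply.rstrip("\r\n")
    m = _IDENT_RE.match(line)
    if not m:
        return {"ok": False, "kind": "malformed",
                "reason": "does not match RFC 1413 reply grammar"}

    sport, cport, resp_type, rest = m.groups()
    for name, value in (("server-port", int(sport)), ("client-port", int(cport))):
        if not 1 <= value <= 65535:
            return {"ok": False, "kind": "malformed",
                    "reason": f"{name} out of range"}

    if resp_type == "ERROR":
        err = rest.strip()
        is_extension = err.startswith("X") and len(err) > 1 and " " not in err
        if err in _ERROR_TYPES or is_extension:
            return {"ok": True, "kind": "error", "error_type": err}
        return {"ok": False, "kind": "malformed",
                "reason": f"unknown error-type {err!r}"}

    # USERID: "<opsys>[,<charset>] : <user-id>"; the user-id itself may
    # contain ':' so only the first separator is significant.
    if ":" not in rest:
        return {"ok": False, "kind": "malformed",
                "reason": "USERID reply missing opsys/user-id separator"}
    opsys, user_id = rest.split(":", 1)
    return {"ok": True, "kind": "userid",
            "opsys": opsys.strip(), "user_id": user_id.strip()}


def find_anomalous_replies(replies):
    """Return [(host, reply, reason)] for every reply that fails to parse.

    `replies` is an iterable of (host, reply_text) pairs, e.g. pulled from a
    gateway's ident-lookup log.
    """
    anomalies = []
    for host, reply in replies:
        verdict = classify_ident_reply(reply)
        if not verdict["ok"]:
            anomalies.append((host, reply, verdict["reason"]))
    return anomalies


# Constructed sample log: two conforming replies and the two strings from
# the post. Hostnames are placeholders, not real systems.
SAMPLE_REPLIES = [
    ("mail-a.example", "6193, 23 : USERID : UNIX : stjohns"),
    ("mail-b.example", "6195, 23 : ERROR : NO-USER"),
    ("mail-c.example", "220 ..:: €lit€-Cr€w Rulez ::..."),
    ("mail-c.example", "220 ..:: €lit€-Cr€w Rulez ::....530 Not logged in..."),
]

if __name__ == "__main__":
    for host, reply, reason in find_anomalous_replies(SAMPLE_REPLIES):
        print(f"{host}: non-RFC-1413 ident reply {reply!r} ({reason})")
```

Run over a real ident-lookup log, the anomaly list is what you would hand to whoever owns the listed hosts; the two conforming sample lines parse cleanly and only the two quoted strings are reported.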
