[ISN] Script Kiddies - Problem with WORMS in MIRC

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 15:05:53 PST

  • Next message: mea culpa: "[ISN] Hacker-proof credit card transactions?"

    Forwarded From: hackerelitet_private
    
    From: http://www.newsit.com.au/index_news.htm
    Chat worms boring ISPs' bandwidth By GARTH MONTGOMERY
    27oct98
    
    WORMS in the popular chat client mIRC are wreaking havoc on the Internet. 
    
    The chat client's scripting capabilities are being exploited by malicious
    worms, the latest predators to tunnel into users' home directory. 
    
    They are devouring files at will, and potentially draining ISPs'
    bandwidth. 
    
    A worm is a scripted program that replicates itself to other users and
    doesn't need a host file to function. 
    
    Security vendors have warned that a particularly parasitic worm has
    rapidly spread due to the mIRC v5.4 client, which automatically accepts
    files uploaded from other users. 
    
    A worm is easily attached to files being transferred using the mIRC
    client. It then tries to automatically propagate itself to other users
    without the knowledge of the original user. 
    
    Shake Communications has documented a growing number of mIRC scripts
    containing instructions to send themselves to other users and plant
    unauthorised scripts on hard drives around the world. 
    
    The latest worms have malicious commands inserted in mIRC scripts that can
    be set to make users retrieve non-existent files from a server. 
    
    "By simply altering only one line of a script, hackers are making infected
    users unknowingly search for files that don't exist on an ISP's server," 
    
    Shake Communications technical director Simon Johnson said. 
    
    "Geocities reports that thousands of users a second are requesting
    non-existent files. 
    
    "This has a draining effect on the service provider's bandwidth." 
    
    The commands being inserted in mIRC scripts also provide remote access for
    users to execute malicious commands on hard drives, such as file deletion,
    or sending password files to other users on the mIRC channel. 
    
    "Essentially the worm commands are only limited by the person modifying
    the script," Mr Johnson said. 
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:57 PDT