[ISN] Script Kiddies - Problem with WORMS in MIRC

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 15:05:53 PST

Next message: mea culpa: "[ISN] Hacker-proof credit card transactions?"

Previous message: mea culpa: "[ISN] Computers - IT - To Arms!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: hackerelitet_private

From: http://www.newsit.com.au/index_news.htm
Chat worms boring ISPs' bandwidth By GARTH MONTGOMERY
27oct98

WORMS in the popular chat client mIRC are wreaking havoc on the Internet. 

The chat client's scripting capabilities are being exploited by malicious
worms, the latest predators to tunnel into users' home directory. 

They are devouring files at will, and potentially draining ISPs'
bandwidth. 

A worm is a scripted program that replicates itself to other users and
doesn't need a host file to function. 

Security vendors have warned that a particularly parasitic worm has
rapidly spread due to the mIRC v5.4 client, which automatically accepts
files uploaded from other users. 

A worm is easily attached to files being transferred using the mIRC
client. It then tries to automatically propagate itself to other users
without the knowledge of the original user. 

Shake Communications has documented a growing number of mIRC scripts
containing instructions to send themselves to other users and plant
unauthorised scripts on hard drives around the world. 

The latest worms have malicious commands inserted in mIRC scripts that can
be set to make users retrieve non-existent files from a server. 

"By simply altering only one line of a script, hackers are making infected
users unknowingly search for files that don't exist on an ISP's server," 

Shake Communications technical director Simon Johnson said. 

"Geocities reports that thousands of users a second are requesting
non-existent files. 

"This has a draining effect on the service provider's bandwidth." 

The commands being inserted in mIRC scripts also provide remote access for
users to execute malicious commands on hard drives, such as file deletion,
or sending password files to other users on the mIRC channel. 

"Essentially the worm commands are only limited by the person modifying
the script," Mr Johnson said. 

-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "[ISN] Hacker-proof credit card transactions?"
Previous message: mea culpa: "[ISN] Computers - IT - To Arms!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:57 PDT