Forwarded From: hackerelitet_private From: http://www.newsit.com.au/index_news.htm Chat worms boring ISPs' bandwidth By GARTH MONTGOMERY 27oct98 WORMS in the popular chat client mIRC are wreaking havoc on the Internet. The chat client's scripting capabilities are being exploited by malicious worms, the latest predators to tunnel into users' home directory. They are devouring files at will, and potentially draining ISPs' bandwidth. A worm is a scripted program that replicates itself to other users and doesn't need a host file to function. Security vendors have warned that a particularly parasitic worm has rapidly spread due to the mIRC v5.4 client, which automatically accepts files uploaded from other users. A worm is easily attached to files being transferred using the mIRC client. It then tries to automatically propagate itself to other users without the knowledge of the original user. Shake Communications has documented a growing number of mIRC scripts containing instructions to send themselves to other users and plant unauthorised scripts on hard drives around the world. The latest worms have malicious commands inserted in mIRC scripts that can be set to make users retrieve non-existent files from a server. "By simply altering only one line of a script, hackers are making infected users unknowingly search for files that don't exist on an ISP's server," Shake Communications technical director Simon Johnson said. "Geocities reports that thousands of users a second are requesting non-existent files. "This has a draining effect on the service provider's bandwidth." The commands being inserted in mIRC scripts also provide remote access for users to execute malicious commands on hard drives, such as file deletion, or sending password files to other users on the mIRC channel. "Essentially the worm commands are only limited by the person modifying the script," Mr Johnson said. -o- Subscribe: mail majordomot_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:57 PDT