Home Archive RSS/XML Subscribe Shop

[ISN] Script Kiddies - Problem with WORMS in MIRC

From: mea culpa <jericho_at_dimensional.com>
Date: Mon 26 Oct 1998 - 17:05:53 CST
Forwarded From: hackerelite@deathsdoor.com

From: http://www.newsit.com.au/index_news.htm
Chat worms boring ISPs' bandwidth By GARTH MONTGOMERY
27oct98

WORMS in the popular chat client mIRC are wreaking havoc on the Internet. 

The chat client's scripting capabilities are being exploited by malicious
worms, the latest predators to tunnel into users' home directory. 

They are devouring files at will, and potentially draining ISPs'
bandwidth. 

A worm is a scripted program that replicates itself to other users and
doesn't need a host file to function. 

Security vendors have warned that a particularly parasitic worm has
rapidly spread due to the mIRC v5.4 client, which automatically accepts
files uploaded from other users. 

A worm is easily attached to files being transferred using the mIRC
client. It then tries to automatically propagate itself to other users
without the knowledge of the original user. 

Shake Communications has documented a growing number of mIRC scripts
containing instructions to send themselves to other users and plant
unauthorised scripts on hard drives around the world. 

The latest worms have malicious commands inserted in mIRC scripts that can
be set to make users retrieve non-existent files from a server. 

"By simply altering only one line of a script, hackers are making infected
users unknowingly search for files that don't exist on an ISP's server," 

Shake Communications technical director Simon Johnson said. 

"Geocities reports that thousands of users a second are requesting
non-existent files. 

"This has a draining effect on the service provider's bandwidth." 

The commands being inserted in mIRC scripts also provide remote access for
users to execute malicious commands on hard drives, such as file deletion,
or sending password files to other users on the mIRC channel. 

"Essentially the worm commands are only limited by the person modifying
the script," Mr Johnson said. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Oct 27 09:58:25 1998
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy