mIRC exploit

Discussion in 'Windows Desktop Systems' started by Kr0m, Dec 29, 2001.

  1. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    There's a new mIRC exploit going around. It doesn't really do anything damaging. It just installs a remote that listens for onjoins and it mass messages people with code to run. Here's more info on it...
    http://trout.snt.utwente.nl:82/show...=41151&page=0&view=collapsed&sb=5&o=31&fpart=

    Here's the command to get rid of it: //unload -rs Ä | remove Ä

    I know this has nothing to do with XP, but since alot of us chat on IRC, I figure'd I post this.
     
  2. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Here's a quote from the mirc forums:

    "This is an exploit, not a virus - although at the rate it's spreading, you're giving virii in general good competition. Don't use the code, trust me you won't get ops in any channel

    Here's removal instructions from MIMP, a moderator on these boards:

    //unload -rs Ä | remove Ä

    A quick breakdown of what it does: It creates a file named Ä that has an on join event that messages people to type the command... all it's doing is taking up bandwidth. This does no harm to your computer, it just makes you mass message. If you want to make sure you don't have this file/problem, you can check your remotes, or type:

    //echo 2 $iif($script(Ä),You need to now type: //unload -rs Ä $chr(124) remove Ä,no problems found)

    It's a simple script that checks to see if the file Ä is loaded, if it is, it gives you instructions on how to remove it"

    ... but yeah, people should have their dcc's turned off and do not run codes people display to them, or even goto URL's people show them(especially since websites can infect you.)
     
  3. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    I got sent that yesterday... very not cool.
    It was sent as a PM saying type this to get ops in this channel, I tried it in a private channel but nothing happened.
    I quit and rejoined and saw I was PMing people the same crap, I tried to talk to the guy but he was Norweigan and had no idea what I was on about.
    I deleted mIRC, reinstalled and it was gone.
    I also just tried deleting that A file, as I didn't recognise it, but then it only PMed part of the message.
    Sad.
     
  4. DrX

    DrX Guest

    I also got this file sent to me , it was only the second time i have been on IRC too :(

    Thanks for the link, i now know what the hell is going on


    Why do they do this ?
     
  5. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    No, this particular exploit has nothing to do with dcc chat or send. it's just code messaged to you in private. Once you run the //decode script it makes a file in your mirc directory, so you will automatically private message people when they join the channel you are on. The biggest thing to learn here is not to run any "//decode" lines.
     
  6. waddy

    waddy OSNN Senior Addict

    Messages:
    296
    The first time i ever went onto an IRC channel some supposed girl send me a picture , now this was a fresh install and for some stupid reason hadnt installed my Antivirus .....

    anyway i get this picture and have a look, not knowing these guys had put a trojan in it :(

    Suddenly my screen was upside down ...HAHAHHAHAaa

    i thought it was a hardware error , i didnt know it at the time but it was Sub7 ...:(

    Luckily I was on 56K and my IP changed , so no harm was done

    anyway the days went on , i thought i had better put the AV on now , installed it did a scan and sure enough i was infected ...lol

    so i did a fresh format and learnt a lesson in the process

    :p
     
  7. DrX

    DrX Guest

    ROFL !!!

    im sure many people have been through that but wont admit it ....

    no firewall or antivrus nowadays is just crazy

    they are the first things i installl
     
  8. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    True. People shouldn't get on the net without a firewall of somesort or a virus scanner. There's just too many ways to get infected now. I generally don't like to run any extra apps if I can help it since they take up ram and cpu usage(since I only have a 533 Celery) but I leave the vir scan and firewall on whenever the PC is on.
     
  9. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    Viruses can be transmitted so many ways these days, you can even get them by kissing.

    "And thats another reason to stay away from girls"
    The Fast Show.

    (Not my opinion)
     
  10. existenz

    existenz Guest

    LOL!!!!