Bugtraq mailing list archives
Re: IRC script trojan with Unix based clients
From: wiseleo () JUNO COM (Leonid S Knyshov)
Date: Sun, 1 Jun 1997 11:20:40 -0700
Well... This is something that I am rather familiar with :) As of this moment, the only good sources for ircII scripts are at ftp://ftp.pimpz.org and ftp://bitchx.htoc.com You can trust the scripts from there. Meanwhile, an ircII script can be as powerful as a shell, please check on http://www.undernet.org the important FAQ file how to detect ircII backdoors, I believe its also on pimpz.org ftp site. You might want to hack a client source a bit to disable DCC and/or CTCP commands. To be safe you can simply rename them adn retain the functionality. The source for the clients is widely available on ftp://bitchx.htoc.com and ftp://ftp.undernet.org That's all for now, I'll gladly answer your ircII related questions in private. *** Leonid Knyshov AKA Wise_One <wiseleo () juno com> http://kiassociates.com/computerhelp http://kiassociates.com/computerhelp/personal For file attachments please use wiseleo () hotmail com and send a note about it here :) On Sat, 31 May 1997 01:03:21 +0300 Lista de securitate <bugtraq () LICJ SOROSCJ RO> writes:
This is a very strange trojan which affects Unix users (other OS-es may be affected as well) which use ircII or BitchX to link to irc servers. And in my country many system administrators do this. It was presented on the irc as amusement (how to kick off a listop with no access rights) but it may have more serious consequences. Some versions of a very popular (at least in romania) irc script (Atlantis) are trojan horses which implement new ctcp commands which allow other people on the irc world to execute irc commands in your client INCLUDING /DCC SEND AND /EXEC (if the client supports them) Atlantis 1.2b is the best known version of the script and if used under ircII (Unix version, Linux tested) The user using these two can have the mail read by others. Sample ircII prompt; noob victim, feur intruder: <feur> /ctcp noob version
Current thread:
- Re: IRC script trojan with Unix based clients Leonid S Knyshov (Jun 01)
- Re: IRC script trojan with Unix based clients Roger Espel Llima (Jun 02)
- Re: IRC script trojan with Unix based clients Alan Brown (Jun 02)
- AIX Security APARs Aleph One (Jun 02)
- <Possible follow-ups>
- Re: IRC script trojan with Unix based clients Paul Roberts (Jun 02)