Security Incidents mailing list archives

Re: lifestages on IRC


From: vinceh () TECHDREAMS COM (Vincent Hillier)
Date: Mon, 10 Jul 2000 07:39:23 -0400


On Sun, 9 Jul 2000, Omicron N wrote:

> Hi
>       I was on IRC (on Win 2000) when I received a message window asking
> for permission to transfer the file LIFE_STAGES.TXT. I naturally said
> no. But when I saw the message in the Server connection window, the name
> was LIFE_STAGES.SHS. Now the threat from a virus/worm remains remote if
> the user is alert. But what I want to know is if it is possible to fool
> the user into clicking the wrong button and making him execute the file.

Yes, it is. Users who are not very computer inclined would probably say
YES and accept the file; this is common, very common. You will see people
sending mypicture.bmp.vbs and the like via IRC. However, the user must
then go to the client download directory and click on the file. Some ircds
are now filtering files; they will not allow certain file types to be sent
via DCC.

>       Is it possible to spoof the IP address given by the IRC client to
> the IRC server?

Most commonly, people use a "vhost", which is a virtual host via a BNC
(IRC Bouncer), basically an IRC proxy server. So the given IP may not
really be of the user sitting behind a terminal, but the server running
the BNC.

> Actually, I'm new to IRC and don't know anything about
> this. This "offer" of a file happened twice, so I've started using IRC on
> Linux only.
>
> Also, what can I do to track the guy who was doing me this
> "favor"?

More often than not, the users sending you these files really do not
know they are sending them. Most worms nowadays embed themselves into
the client's remotes (most commonly the mIRC client), and these files
get sent to anyone that joins the channel, without the user at the
terminal even knowing. As for tracking, /dns nickname will return
the user's IP, but as stated above, this may not be accurate.

Vincent Hillier
vince () lansystems com
Network Administrator
http://www.lansystems.com
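
The file-type filtering mentioned in the message above can be sketched as a check on the CTCP `DCC SEND` offer itself. This is an added example, not part of the original post and not code from any ircd or client; the extension lists, the function name `inspect_dcc_offer` and the sample offers are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed blocklist for illustration; .shs and .vbs are the two extensions
# named in the thread, the rest are other types Windows runs on double-click.
RISKY_EXT = {"shs", "vbs", "vbe", "js", "exe", "scr", "pif", "bat", "com"}
# Extensions a user reads as harmless data, used to spot a decoy first extension.
DECOY_EXT = {"txt", "bmp", "jpg", "gif", "doc"}

# CTCP payload: \x01DCC SEND <filename> <ip as uint32> <port> [size]\x01
DCC_SEND = re.compile(
    r'\x01DCC SEND (?:"([^"]+)"|(\S+)) (\d+) (\d+)(?: (\d+))?\x01')

# Constructed sample offers (documentation address 192.0.2.10, made-up sizes).
SAMPLES = [
    "\x01DCC SEND LIFE_STAGES.TXT.SHS 3221225994 1024 39936\x01",
    "\x01DCC SEND mypicture.bmp.vbs 3221225994 1025 4096\x01",
    "\x01DCC SEND notes.txt 3221225994 1026 512\x01",
]


def inspect_dcc_offer(privmsg_text):
    """Return a verdict dict for a DCC SEND offer, or None if it is not one."""
    m = DCC_SEND.search(privmsg_text)
    if m is None:
        return None
    filename = m.group(1) or m.group(2)
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in RISKY_EXT:
        reasons.append("final extension ." + ext + " is executable or script")
        if len(parts) > 2 and parts[-2] in DECOY_EXT:
            reasons.append("decoy ." + parts[-2] + " precedes the real extension")
    try:
        advertised = str(ipaddress.IPv4Address(int(m.group(3))))
    except ValueError:  # number does not fit an IPv4 address
        advertised = None
    return {"filename": filename, "advertised_ip": advertised,
            "port": int(m.group(4)), "block": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for offer in SAMPLES:
        print(inspect_dcc_offer(offer))
```

The `advertised_ip` field is only what the offer claims, so it is reported for logging rather than used in the block decision.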

