IRC Dangers by Mentality

There are a lot of dangers out there on IRC and indeed the Internet in general. Just like in real life there are nasty people out there who couldn't give a damn about your connection, your fun or your convenience - in fact, quite the opposite, they want to prevent you from having fun. They don't care if you're 13 years old or 70 years old. They don't care if you're new to the Internet, they don't care if you're male, female, black, white, purple or pink, these people will set out to cause you inconvenience and harass you.

However, fear not. This document aims to cover some of the issues related to people trying to infect you with viruses and spyware - problems you WILL come across in your IRC life, whether you like it or not - there are traps out there that are set to cause you huge inconvenience, both on and off IRC. We also aim to give you information about "packet kiddies" who you may unfortunately come across who deliberately disconnect you from the Internet.

Viruses

Viruses...trojans...backdoors...worms...some of these words you're likely to have heard of, even if you're new to IRC. Those 4 words do not mean the same thing, but what they do all have in common is they are BAD and malicious code. One of the first viruses ever to appear came about in 1987 which attacked a network used by the US defense department and universities (called ARPANET). Since then, there has been a huge boom in antivirus software, and new viruses being created and released across the Internet - every single day.

It's not surprising it's such a big issue. IRC Viruses are set to spread in many devious ways, some ways which an IRC user cannot be expected to understand - they are set to prey upon newbie users who haven't got a clue what's going on in front of them, and fall for the tricks that are played on them. Before covering HOW you get infected, it's best to make sure you know exactly what we're talking about, so here's a short description of what a virus, trojan and backdoor is:

Virus - A virus is determined by a file which replicates itself over and over again. They can cause HUGE damage to your computer. There are simple viruses that simply constantly replicate, and therefore, use all your memory, but there are more serious viruses which can spread all over networks and bypass security systems. Worms are basically the same as viruses, they just can't attach themselves to files.

Trojan - Named after the trojan horse which "took over" Troy. A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Backdoor - An undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.

Don't worry too much about that though - just remember, they are all malicious code and you don't want ANY of them. So let's cover how to keep yourself clean from them, and how it's possible you can be infected...

One way to get infected, and the most common, is by clicking on URLs. URLs are website addresses (so www.mirc-undernet.org is a URL) - It means Uniform Resource Locator, but don't worry about that! mIRC has a feature whereby you can double click on a URL and it will open a new browser window (your 'browser' is what you use to access the web - for example, Internet Explorer) and loads the web page which you clicked. Now, it is possible for websites to exploit you through various bits of code - so, when you go to a website, without touching anything, you can be infected with a trojan. Scary eh? Alternatively, you might find a URL ends with "something.exe" - where 'something' is an actual word, but the point is, it ends with '.exe'. .exe is a file type - it means executable, so it executes something on your computer. This is one of the most common virus types around and something to be wary of. If any URL is sent to you that ends in .exe, it's best not to click on it unless you know and trust the person who is giving you the URL.
A good way to help protect yourself from clicking on dangerous URLs, even by accident, is to set the mIRC options which will give you a warning every time you click a URL and ask for confirmation that you wish to open the website - To set this, go to ALT+O > IRC > Catcher and check the box that says "Show warning when opening a URL". Make sure you also have all available Windows Updates from http://www.windowsupdate.com/

You may also find that you get regularly messaged by other users with promises such as "FREE PORN" and "TO GET OPS IN THE CHANNEL, TYPE..." and "USE THE LATEST EXPLOIT, TYPE..." - Messages that ask you to type something are BAD. NEVER type what other people tell you to type - why should you? If you don't know what something does, don't type it. Some mIRC commands can be abused you see and people do indeed attempt to do it. People who are infected with an IRC virus may automatically message you when you join a channel telling you to type something like "//write $decode(...." with a bunch of random letters and numbers. If you type what they tell you, then you will find that you will also message people when they join channels, because it will infect you too. These types of infections are more annoying than dangerous - but they will get you banned from most channels.
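As an added example (not part of the original document), here is one way a log reviewer or channel bot could flag the "type this" messages described above. The word list, verdict names and sample lines are assumptions made for the example; the `$decode(....)` text is the placeholder quoted above, not a real payload.

```python
import re

# Raw IRC line: :nick!user@host PRIVMSG <target> :<text>
PRIVMSG_RE = re.compile(r"^:([^!\s]+)!\S+ PRIVMSG (\S+) :(.*)$")
# mIRC formatting codes (bold, colour, reset, reverse, italic, underline).
CONTROL_RE = re.compile(r"\x03(?:\d{1,2}(?:,\d{1,2})?)?|[\x02\x0f\x16\x1d\x1f]")
# "/command" or "//command" that is not part of a URL or a path.
COMMAND_RE = re.compile(r"(?<![\w:/])//?[a-z]+\b", re.IGNORECASE)
# Words that tell the reader to enter something (assumed list for this example).
ASK_RE = re.compile(r"\b(?:type|paste|copy|enter)\b", re.IGNORECASE)


def classify(text):
    """Return 'block', 'caution' or 'ok' for one chat message."""
    clean = CONTROL_RE.sub("", text)          # lures are often coloured or bold
    commands = COMMAND_RE.findall(clean)
    # "//" makes mIRC evaluate identifiers such as $decode() before running.
    if "$decode(" in clean.lower() or any(c.startswith("//") for c in commands):
        return "block"
    if commands and ASK_RE.search(clean):
        return "caution"
    return "ok"


def scan(lines):
    """Return (nick, verdict) for every PRIVMSG that is not 'ok'."""
    flagged = []
    for line in lines:
        match = PRIVMSG_RE.match(line.rstrip("\r\n"))
        if match:
            nick, _target, text = match.groups()
            verdict = classify(text)
            if verdict != "ok":
                flagged.append((nick, verdict))
    return flagged


# Constructed sample traffic; nicks and hosts are made up.
SAMPLE_LINES = [
    ":Guest4471!u@host.example PRIVMSG me :\x034FREE OPS!\x03 TO GET OPS IN THE "
    "CHANNEL, TYPE //write $decode(....)",
    ":friend!f@isp.example PRIVMSG #help :you can type /help to read the manual",
    ":friend!f@isp.example PRIVMSG #help :see http://www.mirc-undernet.org for rules",
]

if __name__ == "__main__":
    for nick, verdict in scan(SAMPLE_LINES):
        print(nick, verdict)
```
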

The mIRC DCC feature is also a problem. Just as a bit of info, DCC means 'Direct Client to Client'. When you join a channel you may find that someone tries to DCC send you a file. NEVER accept files from people you don't trust, or know - NEVER accept files that are sent to you when you join a channel. Again though, there are ways to protect yourself. First of all, you can set DCC to "Ask" you to accept a file before you do so - this is the default mIRC option. Type /sreq ask to ensure this is set. You can also use the DCC Ignore function - this will ignore certain file types from people. Go to the DCC ignore options dialog via ALT+O > DCC > Ignore and set what you like. To accept a file from a friend that you trust, simply type /dcc ignore off and then ask them to send it. DCC Ignore, by default, will switch itself back on after 3 minutes. You can change this through the options dialog.
Watch out for files that have been altered to look as if they end with something semi-innocent such as ".jpg" (a picture file) but actually end with .exe (an executable file). For example, someone may try to send you "myphoto.jpg.exe" - always look at the end of the file name.
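The file name check described above, together with the "never accept files from people you don't trust" rule, as an added example that is not part of the original document. The extension lists, function names and sample offers are assumptions; the offer layout is the standard CTCP `DCC SEND <filename> <ip> <port> <size>` message, where the IP is sent as a decimal integer.

```python
import ipaddress
import re

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "avi", "mpg", "mp3", "doc"}

# CTCP body: DCC SEND <filename> <ip as decimal integer> <port> <size>
DCC_SEND_RE = re.compile(r"^DCC SEND (.+) (\d+) (\d+) (\d+)$", re.IGNORECASE)


def parse_dcc_send(ctcp):
    """Return the fields of a DCC SEND offer as a dict, or None if malformed."""
    match = DCC_SEND_RE.match(ctcp.strip("\x01").strip())
    if match is None:
        return None
    name, ip_raw, port, size = match.groups()
    try:
        address = str(ipaddress.ip_address(int(ip_raw)))
    except ValueError:
        return None
    return {"filename": name.strip('"'), "address": address,
            "port": int(port), "size": int(size)}


def assess_filename(name):
    """List the reasons a file name looks dangerous; an empty list means none found."""
    reasons = []
    cleaned = name.strip().rstrip(". ")   # Windows ignores trailing dots and spaces
    exts = [part.strip() for part in cleaned.lower().split(".")[1:]]
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        reasons.append("real extension is ." + final)
        if any(ext in DECOY_EXTS for ext in exts[:-1]):
            reasons.append("harmless-looking extension placed before it")
    if re.search(r"\s{3,}", cleaned):
        reasons.append("run of spaces pushing the end of the name out of view")
    return reasons


def triage_offer(ctcp, sender_trusted):
    """Return (decision, reasons): 'reject', or 'ask' to leave it to the user prompt."""
    offer = parse_dcc_send(ctcp)
    if offer is None:
        return "reject", ["not a well-formed DCC SEND offer"]
    reasons = assess_filename(offer["filename"])
    if not sender_trusted:
        reasons.append("sender is not someone you know and trust")
    return ("reject" if reasons else "ask"), reasons


if __name__ == "__main__":
    # Constructed offers; 3221225994 is the documentation address 192.0.2.10.
    for ctcp, trusted in [
        ("\x01DCC SEND myphoto.jpg.exe 3221225994 4000 73728\x01", False),
        ('\x01DCC SEND "holiday.jpg" 3221225994 4000 204800\x01', True),
    ]:
        print(triage_offer(ctcp, trusted))
```
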

Finally, mass file trading. IRC is a chat medium - it means Internet Relay Chat and is meant for that. It is NOT meant for trading with XDCC bots, File Serving scripts and the like. Downloading the latest mp3s, movies or software version is illegal - it breaks International copyright laws. It is also a big factor in infecting people - people deliberately spread viruses throughout IRC with these XDCC bots..just because a file looks like "TheMatrix3.avi" doesn't mean it is - it's probably a virus! Let's not also forget that downloading files, especially movies, severely lessens the quality of the product. You will quite possibly spend 2-3 days downloading a 600GB file, to find that you only have one half of the movie and it has poor sound and picture quality. It is best to go out and buy/rent the latest DVD/Video, or go and pay to see the movie at the cinema. Certain organisations are rapidly getting more serious about observing the law - hundreds of people have faced large fines due to the copyright material they have downloaded via IRC (amongst other programs), including people under the age of 18. Even more people have suffered at the hands of downloading viruses.

As mentioned before, a number of programs ('AntiViruses') have been created to help you clean yourself of a current infection and protect yourself from future infection. See the Resources section at the bottom of this document for some info.

GT Bots

GT Bot is a type of trojan. It has been specifically named in this document due to the particular threat it has against IRC and IRC users above other trojans. GT Bot means Global Threat Bot. All it is is an mIRC.exe file on your computer that will run when you start Windows, without you making it do so. Once mIRC has been started, it will be hidden. It is very probable that you will not even see the program start. It will hide the mIRC.exe so you cannot see it running. Once mIRC has been started, it will connect to a network (whatever one it has been programmed to do) and join a certain, preset channel. Now, once hundreds of people worldwide are infected with a particular GT Bot, and they are sitting in one particular channel, it is called a 'botnet' (a network of bots).

So what do they do in there? Well, the person who programmed the GT Bots (the 'botmaster') can then join and use various commands to launch attacks against IRC users, IRC servers and any website they wish. You are quite possibly taking part in one of these illegal attacks right now as you read this - you would have absolutely NO idea. These attacks are called 'DDoS' attacks (an expression you're likely to hear) - It means Distributed Denial of Service attacks. It's a form of DoS (Denial of Service) attacks, but from a range of infected hostnames and IPs (hence 'distributed').

If nobody in the world was infected with GT Bots a *HUGE* weight would be lifted off of the Internet and the Internet would be a much safer place to be, as would IRC. Please see the Resources section for anti-virus programs and the like which can get rid of this infection.

Spyware

Spyware is newer than viruses. Spyware is not really harmful to you or other people, but it is a problem you do NOT want on your computer. Spyware, as its name suggests, spies on your computer and reports, usually via e-mail, what you have been doing on your computer. It can send this to an individual person or it can send it to a large company so they can monitor how to sell their product. Those are called keyloggers (as they "log" the "keys" you press). It also makes annoying pop-up adverts appear on your screen almost every time you visit a website. "Browser Hijackers" can also continually set your homepage to an annoying search engine that only returns pornographic results.

Unfortunately, one of the problems with spyware is that you usually willingly install it on your computer! Most people with spyware have infected themselves by purposefully agreeing to a license agreement. Programs such as 'KaZaa' and 'iMesh' come with these spyware programs and will not work unless they are installed on your computer. They then tell you that you must pay money to get a "lite" version of their product without the spyware. Installing the software, then cleaning yourself often disables the program from working. It is NOT a good idea to download such programs, they are only used for people who wish to download illegal files. The websites of these programs often put a front on and promote the advertisements as some sort of GOOD thing. They also promote the illegal downloading of files as a GOOD thing. Please do not be fooled by their clever wording, they are in support of it because they are making millions of dollars out of it, they do not care about you or your computer.

Since the "spyware boom" of recent years a number of extremely good programs have been created to help clean your system of infections - see the resources section at the bottom of this document.

Packet Kiddies

You may well be unfortunate enough to come across a 'packet kiddie'. 'Packet kiddie' is the expression given to people who choose to 'packet' others in order to disconnect them from IRC or the Internet. The word 'kiddie' is used due to their childish, immature and pathetic behaviour. A lot of them are also actually kids - 12/13 year olds easily have the power to disconnect you from the Internet. Never be fooled into thinking they are some sort of computer nerd, they want you to think they are "elite" and clever. They are not. Anyone with access to a botnet only has to type a simple command to a channel to launch the attack - a 7 year old could do it.

Let's try to understand what packeting is...

There are 'packets' flying around the Internet every second of the day, all year round. It never stops. 'Packets' are little bits of information. When you press a key on your keyboard, in basic terms, you send out a packet of information, and then a packet is returned telling your computer to make whatever you pressed appear on your screen (or do whatever other function that particular key was meant to do). So even just typing text on IRC you are making packets of information fly around all the time. These packets are completely harmless, if not actually useful (after all, your keyboard would just be useless if it wasn't for them!)

However, when someone packets you, they usually take control of a 'botnet', as described earlier in the GT Bot section. These bots will send your connection hundreds of small USELESS bits of information, or useless packets - this will bog down your connection as it won't be able to handle it, and eventually (within a few minutes) disconnect you. When on IRC, the packet kiddie will usually say "Goodbye :)" - you will then not notice anything happen...then after a few minutes, it looks as though everyone has stopped talking. You ask if anyone's alive...nobody replies. You try to /hop and it doesn't rejoin. Eventually, you get the inevitable *** Disconnected error message. This can happen for reasons other than packeting, but it's a possibility someone is packeting you. A good way to tell is by trying to access any web page with your browser. Also, if you have it installed, try connecting to MSN Messenger - it will probably be unable to sign in. Same should apply to AIM (AOL Instant Messenger).

Seems simple enough - so what wonderful program have they come up with to prevent these? Unfortunately, none...

It is not possible to STOP packeting from being done to you, not from your end anyway. There are a few ways you can avoid such an attack though. One of the best ways is to simply stay away from them! Do not go into channels asking "how to hack" people - those channels will likely have packet kiddies in them. Don't abuse other channels, you never know who you're going to make angry. Don't go to so-called "elite" channels. They are not elite, they are lame. Do not get involved with people who proxy flood or clone flood channels - those types and their friends will forever linger around you and if you annoy them, they will packet you. Sometimes they just do it because they are bored and you haven't done anything.

Another way is to use the Undernet +x usermode. See, when someone packets you they need to know your Internet Protocol number (IP number). This is readily available to people on IRC - all they need to do is type /dns your-nickname and in most cases they will have your IP. If you set mode +x however, your IP is covered up with "username.users.undernet.org" - where 'username' is whatever username you registered. To register a username, go to http://www.cservice.undernet.org/live and click on 'Register'. Follow the simple instructions. If you have problems with email use your ISP email. For further help ask in #CService on Undernet.

Finally, you could just detect them. Using a Firewall (see the Resources section) will log all inbound connections to your computer. You can then detect any foreign connections made and see what ISP they come from. So if you get an IP and then use mIRC to /dns IP.here you should get a hostname - at the end is likely to be the name of the ISP. For example, if it's an AOL IP, you will see "aol.com" at the end of the hostname. You may also see "comcast.net" or "ntl.com" etc.

Resources

Below are a number of resources which will help you steer clear of viruses, spyware and log attacks. When detecting virus/spyware it's a good idea to run 2-3 as no ONE virus scanner can detect everything as they scan in different ways. Don't run them at the same time, but use 2-3 at different times. It's also a good idea to KEEP them installed on your computer, and if they have auto-protect features, have them enabled.

Free AntiVirus Programs

AVG Free Edition
Avast!
AntiVir

Free Online Virus Scanners

Panda ActiveScan
Trendmicro Housecall
RAV Online Scan
BitDefender Online

Trojan Scanners

McAfee Stinger
Symantec
Avast!
Kaspersky clrav
SwatIT!

Shareware AntiVirus Programs

FSecure
KAV
Sophos
Nod32

Shareware Trojan Scanners

The Cleaner
TDS-3
Trojan Hunter
Trojan Remover
Tauscan

Spyware Detectors

Ad-Aware
Spybot - Search & Destroy
Pest Patrol

Firewalls

As mentioned in the Packet Kiddies section, firewalls help detect people who attack you. Once you have found the ISP that is attacking you, report the hostname, IP and time of attack, as well as the exact Firewall log to the ISP - usually, the abuse email is abuse@isp.com (i.e. abuse@aol.com), however, search Google to find the ISP's website and find out how to contact the abuse department.
Make sure you do not use two firewalls at the same time, they may conflict and cause connection problems...

Free:

Zone Alarm
Kerio Personal Firewall
Sygate
Agnitum Outpost Free

Shareware:

EZ Firewall
Sygate Professional
Tiny Personal Firewall
Norton Personal Firewall
Kaspersky
McAfee

More Information

The following are good resources you may wish to read up on:

Symantec Security Response
DALnet's #NoHack
mIRC.com's Virus Help Page
Undernet's #VH

Conclusion

This document can perhaps seem a little unrelated to IRC/mIRC - but it is not. IRC is full of nasties that you must watch out for. Huge IRC networks have been forced to close down both permanently and temporarily due to attacks caused by infected users. Undernet was severely attacked a few years back and nearly "died". Many mIRC-related websites, even the official mIRC website, have been taken down due to attacks. It's important to keep yourself clean and not give attackers an easy ride.

Remember, keep to chatting, have fun, and stay safe!

P.S. A big thank you to ParaBrat from DALnet's #mIRCAide for writing up this post and to the people who contributed to those resources.

 


Copyright © mIRC Scripting Network 1999-2008.