SI
SI
discoversearch

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor.  We ask that you disable ad blocking while on Silicon Investor in the best interests of our community.  If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.
Pastimes : Computer Learning
 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  
From: LTBH8/31/2005 1:14:36 AM
  Read Replies (1) of 110626
 
Cow, Gottfried et al,

Been number of years since my brief encounter using an IRC program. Am trying a new game that requires use of one. Reason I quickly discontinued use years ago was due to security issues.

I did a quick search on IRC vulnerability and see that as recently as 13 days ago, a new IRC threat hit that is setting records for number of PCs infected.

Several snippets:

------------

IRC Vulnerability *updated* bookmark topic | reload topic
IM |View profilesekhu 8/16/2005 14:28:39
Edited by sekhu - 8/17/2005 12:18:22 PM
The Microsoft Plug-and-Play vulnerability exploited by the ZoTob worm has been harnessed to create an IRC bot. IRCBot-ES uses the vulnerability to spread instead of more common vectors such as Windows RPC security vulns.

The attack provides evidence that virus writers are swarming around the vulnerability - which was only disclosed last week - thinking up new ways to attack vulnerable systems. Early indications are that IRCBot-ES may be more potent that ZoTob because it's easily capable of spreading around internal networks once an infected machine is plugged into a Lan. Anti-virus firm F-secure reports that one organisation has suffered widespread infection from IRCBot-ES via this mechanism. Meanwhile a further variant of ZoTob has been discovered.

The clear interest from malware authors in the vulnerability underlines the need for Windows users to get patched up sooner rather than later.

El Reg

----------

W32/IRCbot worm beats Sasser record
Robert Jaques, Personal Computer World 2005-08-17

Security experts today raised the risk assessment to high on the recently discovered W32/IRCbot.worm!MS05-039 worm, which is also known as IRCbot.worm!MS05-039.

------------

Description
Summary Description Recovery
This section helps you to understand how it behaves

Troj/IRCBot-B is a backdoor Trojan which allows remote access and control over the computer via IRC channels.

When first run, the Trojan moves itself to the Windows System folder as api32.exe and creates the following registry entry so that api32.exe is run automatically each time Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\API32
= %SYSTEM%\api32.exe

-------------

My Questions:

1) What is the best IRC program today?

2) What is the most secure IRC program today?

3) Is there any companion program that specifically targets blocking unauthorized access via IRC/IRC Server?

Note: its my understanding that many of the suspects "steal" the server code/commands which then allows access to your PC and then it drops the infection on it. At that point your computer can then be accessed by the bad guy at their convenience.

IIRC, in days goneby, these were called Zombies but do not seem to be nowadays.

One of the programmer/devs for this game professes its secure nature due to their own dedicated IRC server. Seems to me they are ignoring possibility of a "gamer" also being a bad guy.

Any and all comments solicited. I would like to continue playing but only if I can do so securely.

LTBH
Report TOU ViolationShare This Post
 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  

HomeMailHotSubjectMarksPeopleMarksKeepersSettings
Terms Of UseContact UsCopyright/IP PolicyPrivacy PolicyAbout UsFAQAdvertise on SI
© 2026 Knight Sac Media.  Data provided by Twelve Data, Alpha Vantage, and CityFALCON News