.::... Viruses ...::.

Viruses...trojans...backdoors...worms...some of these words you're likely to have heard of, even if you're new to IRC. Those 4 words do not mean the same thing, but what they do all have in common is they are BAD and malicious code. One of the first viruses ever to appear came about in 1987 which attacked a network used by the US defense department and universities (called ARPANET). Since then, there has been a huge boom in antivirus software, and new viruses being created and released across the Internet - every single day. It's not surprising it's such a big issue.

IRC Viruses are set to spread in many devious ways, some ways which an IRC user cannot be expected to understand - they are set to prey upon newbie users who haven't got a clue what's going on in front of them, and fall for the tricks that are played on them.

Before covering HOW you get infected, it's best to make sure you know exactly what we're talking about, so here's a short description of what a virus, trojan and backdoor is:

Virus - A virus is determined by a file which replicates itself over and over again. They can cause HUGE damage to your computer. There are simple viruses that simply constantly replicate, and therefore, use all your memory, but there are more serious viruses which can spread all over networks and bypass security systems. Worms are basically the same as viruses, they just can't attach themselves to files.

Trojan - Named after the trojan horse which "took over" Troy. A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Backdoor - An undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.

Don't worry too much about that though - just remember, they are all malicious code and you don't want ANY of them. So let's cover how to keep yourself clean from them, and how it's possible you can be infected...

One
way to get infected, and the most common, is by clicking on URLs. URLs
are website addresses (so www.mirc-undernet.org is a URL) - It means
Uniform Resource Locator, but don't worry about that! mIRC has a feature
whereby you can double click on a URL and it will open a new browser
window (your 'browser' is what you use to access the web - for example,
Internet Explorer) and load the web page which you clicked. Now, it
is possible for websites to exploit you through various bits of code
- so, when you go to a website, without touching anything, you can be
infected with a trojan. Scary eh? Alternatively, you might find a URL
ends with "something.exe" - where 'something' is an actual
word, but the point is, it ends with '.exe'. .exe is a file type - it
means executable, so it executes something on your computer. This is
one of the most common virus types around and something to be wary of.
If any URL is sent to you that ends in .exe, it's best not to click
on it unless you know and trust the person who is giving you the URL.

You may also find that you get regularly messaged by other users with promises such as "FREE PORN" and "TO GET OPS IN THE CHANNEL, TYPE..." and "USE THE LATEST EXPLOIT, TYPE..." - Messages that ask you to type something are BAD. NEVER type what other people tell you to type - why should you? If you don't know what something does, don't type it. Some mIRC commands can be abused, you see, and people do indeed attempt to do it. People who are infected with an IRC virus may automatically message you when you join a channel telling you to type something like "//write $decode(...." with a bunch of random letters and numbers. If you type what they tell you, then you will find that you will also message people when they join channels, because it will infect you too. These types of infections are more annoying than dangerous - but they will get you banned from most channels.

The
mIRC DCC feature is also a problem. Just as a bit of info, DCC means
'Direct Client to Client'. When you join a channel you may find that
someone tries to DCC send you a file. NEVER accept files from people
you don't trust, or know - NEVER accept files that are sent to you when
you join a channel. Again though, there are ways to protect yourself.
First of all, you can set DCC to "Ask" you to accept a file
before you do so - this is the default mIRC option. Type /sreq ask to
ensure this is set. You can also use the DCC Ignore function - this
will ignore certain file types from people. Go to the DCC ignore options
dialog via ALT+O > DCC > Ignore and set what you like. To accept
a file from a friend that you trust, simply type /dcc ignore off and
then ask them to send it. DCC Ignore, by default, will switch itself
back on after 3 minutes. You can change this through the options dialog.

Finally, mass file trading. IRC is a chat medium - it means Internet Relay Chat and is meant for that. It is NOT meant for trading with XDCC bots, File Serving scripts and the like. Downloading the latest mp3s, movies or software version is illegal - it breaks International copyright laws. It is also a big factor in infecting people - people deliberately spread viruses throughout IRC with these XDCC bots. Just because a file looks like "TheMatrix3.avi" doesn't mean it is - it's probably a virus! Let's not also forget that downloading files, especially movies, severely lessens the quality of the product. You will quite possibly spend 2-3 days downloading a 600GB file, to find that you only have one half of the movie and it has poor sound and picture quality. It is best to go out and buy/rent the latest DVD/Video, or go and pay to see the movie at the cinema.

Certain organisations are rapidly getting more serious about observing the law - hundreds of people have faced large fines due to the copyright material they have downloaded via IRC (amongst other programs), including people under the age of 18. Even more people have suffered at the hands of downloading viruses.

As mentioned before, a number of programs ('AntiViruses') have been created to help you clean yourself of a current infection and protect yourself from future infection. See the Resources section at the bottom of this document for some info.
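The warning signs described in this section (a URL ending in .exe, a message telling you to type a command such as "//write $decode(....", and a DCC send from someone you don't know) can be checked mechanically. The Python sketch below is an added example, not part of the original guide; the RISKY_EXT list, the flag names, the trusted-nick set and the sample messages are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

# Assumed list of risky file types for this example; extend as needed.
RISKY_EXT = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs", ".mrc"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s\"'<>]+", re.I)
# "type /command" or "type //command": someone telling you what to enter.
TYPE_CMD_RE = re.compile(r"\btype\b[^/]{0,30}\s//?[a-z]+", re.I)
# CTCP DCC offer: \x01DCC SEND <file> <ip> <port> [<size>]\x01
DCC_RE = re.compile(r'^\x01DCC SEND ("[^"]+"|\S+) \d+ \d+(?: \d+)?\x01?$')


def risky_name(name):
    """True if the final extension of a file name or URL path is risky."""
    return os.path.splitext(name.strip('"').lower())[1] in RISKY_EXT


def classify(nick, text, trusted=frozenset()):
    """Return the warning signs found in one incoming message."""
    flags = []
    if "$decode(" in text.lower():
        flags.append("encoded-command")
    if TYPE_CMD_RE.search(text):
        flags.append("asks-you-to-type-command")
    urls = [u.rstrip(".,)!?") for u in URL_RE.findall(text)]
    # Add a scheme so that "www.site.com" is parsed as a host, not a path.
    urls = [u if "://" in u else "http://" + u for u in urls]
    if any(risky_name(urlsplit(u).path) for u in urls):
        flags.append("url-to-executable")
    offer = DCC_RE.match(text)
    if offer and nick.lower() not in trusted:
        risky = risky_name(offer.group(1))
        flags.append("dcc-executable-from-stranger" if risky else "dcc-from-stranger")
    return flags


# Constructed sample messages (nick, text); none come from a real log.
SAMPLES = [
    ("friend1", "did you see the match last night?"),
    ("xx_bot", "TO GET OPS IN THE CHANNEL, TYPE //write $decode(...."),
    ("stranger", "FREE stuff at http://example.invalid/pics/viewer.EXE !"),
    ("stranger", "\x01DCC SEND TheMatrix3.avi.exe 3232235777 1024 48231\x01"),
    ("friend1", "\x01DCC SEND notes.txt 3232235777 1025 900\x01"),
]

if __name__ == "__main__":
    for nick, text in SAMPLES:
        print(nick, classify(nick, text, trusted={"friend1"}) or "ok")
```

The check only looks at the last extension, so a name such as "TheMatrix3.avi.exe" is treated as an executable even though it looks like a movie at first glance.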

.::... GT Bots ...::.

GT Bot is a type of trojan.
It has been specifically named in this document due to the particular
threat it has against IRC and IRC users above other trojans. GT Bot
means Global Threat Bot. All it is is an mIRC.exe file on your computer
that will run when you start Windows, without you making it do so. Once
mIRC has been started, it will be hidden. It is very probable that you
will not even see the program start. It will hide the mIRC.exe so you
cannot see it running. Once mIRC has been started, it will connect to
a network (whatever one it has been programmed to do) and join a certain,
preset channel. Now, once hundreds of people worldwide are infected
with a particular GT Bot, and they are sitting in one particular channel,
it is called a 'botnet' (a network of bots).
So what do they do in there? Well, the person who programmed the GT Bots (the 'botmaster') can then join and use various commands to launch attacks against IRC users, IRC servers and any website they wish. You are quite possibly taking part in one of these illegal attacks right now as you read this - you would have absolutely NO idea. These attacks are called 'DDoS' attacks (an expression you're likely to hear) - It means Distributed Denial of Service attacks. It's a form of DoS (Denial of Service) attacks, but from a range of infected hostnames and IPs (hence 'distributed'). If nobody in the world was infected with GT Bots a *HUGE* weight would be lifted off of the Internet and the Internet would be a much safer place to be, as would IRC. Please see the Resources section for anti-virus programs and the like which can get rid of this infection.

.::... Spyware ...::.

Spyware is newer than viruses.
Spyware is not really harmful to you or other people, but it is a problem
you do NOT want on your computer. Spyware, as its name suggests, spies
on your computer and reports, usually via e-mail, what you have been
doing on your computer. It can send this to an individual person or
it can send it to a large company so they can monitor how to sell their
product. Those are called keyloggers (as they "log" the "keys"
you press). It also makes annoying pop-up adverts appear on your screen
almost every time you visit a website. "Browser Hijackers"
can also continually set your homepage to an annoying search engine
that only returns pornographic results.
Unfortunately, one of the problems with spyware is that you usually willingly install it on your computer! Most people with spyware have infected themselves by purposefully agreeing to a license agreement. Programs such as 'KaZaa' and 'iMesh' come with these spyware programs and will not work unless they are installed on your computer. They then tell you that you must pay money to get a "lite" version of their product without the spyware. Installing the software, then cleaning yourself often disables the program from working. It is NOT a good idea to download such programs, they are only used by people who wish to download illegal files. The websites of these programs often put a front on and promote the advertisements as some sort of GOOD thing. They also promote the illegal downloading of files as a GOOD thing. Please do not be fooled by their clever wording, they are in support of it because they are making millions of dollars out of it, they do not care about you or your computer.

Since the "spyware boom" of recent years a number of extremely good programs have been created to help clean your system of infections - see the resources section at the bottom of this document.

.::... Packet Kiddies ...::.

You may well be unfortunate
enough to come across a 'packet kiddie'. 'Packet kiddie' is the expression
given to people who choose to 'packet' others in order to disconnect
them from IRC or the Internet. The word 'kiddie' is used due to their
childish, immature and pathetic behaviour. A lot of them are also actually
kids - 12/13 year olds easily have the power to disconnect you from
the Internet. Never be fooled into thinking they are some sort of computer
nerd, they want you to think they are "elite" and clever.
They are not. Anyone with access to a botnet only has to type a simple
command to a channel to launch the attack - a 7 year old could do it.
Let's try to understand what packeting is... There are 'packets' flying around the Internet every second of the day, all year round. It never stops. 'Packets' are little bits of information. When you press a key on your keyboard, in basic terms, you send out a packet of information, and then a packet is returned telling your computer to make whatever you pressed appear on your screen (or do whatever other function that particular key was meant to do). So even just typing text on IRC you are making packets of information fly around all the time. These packets are completely harmless, if not actually useful (after all, your keyboard would just be useless if it wasn't for them!)

However, when someone packets you, they usually take control of a 'botnet', as described earlier in the GT Bot section. These bots will send your connection hundreds of small USELESS bits of information, or useless packets - this will bog down your connection as it won't be able to handle it, and eventually (within a few minutes) disconnect you.

When on IRC, the packet kiddie will usually say "Goodbye :)" - you will then not notice anything happen...then after a few minutes, it looks as though everyone has stopped talking. You ask if anyone's alive...nobody replies. You try to /hop and it doesn't rejoin. Eventually, you get the inevitable *** Disconnected error message. This can happen for reasons other than packeting, but it's a possibility someone is packeting you. A good way to tell is by trying to access any web page with your browser. Also, if you have it installed, try connecting to MSN Messenger - it will probably be unable to sign in. Same should apply to AIM (AOL Instant Messenger).

Seems simple enough - so what wonderful program have they come up with to prevent these? Unfortunately, none... It is not possible to STOP packeting from being done to you, not from your end anyway. There are a few ways you can avoid such an attack though.

One of the best ways is to simply stay away from them! Do not go into channels asking "how to hack" people - those channels will likely have packet kiddies in them. Don't abuse other channels, you never know who you're going to make angry. Don't go to so-called "elite" channels. They are not elite, they are lame. Do not get involved with people who proxy flood or clone flood channels - those types and their friends will forever linger around you and if you annoy them, they will packet you. Sometimes they just do it because they are bored and you haven't done anything.

Another way is to use the Undernet +x usermode. See, when someone packets you they need to know your Internet Protocol number (IP number). This is readily available to people on IRC - all they need to do is type /dns your-nickname and in most cases they will have your IP. If you set mode +x however, your IP is covered up with "username.users.undernet.org" - where 'username' is whatever username you registered. To register a username, go to http://www.cservice.undernet.org/live and click on 'Register'. Follow the simple instructions. If you have problems with email use your ISP email. For further help ask in #CService on Undernet.

Finally, you could just detect them. Using a Firewall (see the Resources section) will log all inbound connections to your computer. You can then detect any foreign connections made and see what ISP they come from. So if you get an IP and then use mIRC to /dns IP.here you should get a hostname - at the end is likely to be the name of the ISP. For example, if it's an AOL IP, you will see "aol.com" at the end of the hostname. You may also see "comcast.net" or "ntl.com" etc.

.::... Resources ...::.

Below
are a number of resources which will help you steer clear of viruses,
spyware and log attacks. When detecting virus/spyware it's a good idea
to run 2-3 as no ONE virus scanner can detect everything as they scan
in different ways. Don't run them at the same time, but use 2-3 at different
times. It's also a good idea to KEEP them installed on your computer,
and if they have auto-protect features, have them enabled.

Free:

Shareware:

The following are good resources you may wish to read up on:

.::... IRC Dangers ...::.

However,
fear not. This document aims to cover some of the issues related to
people trying to infect you with viruses and spyware - problems you
WILL come across in your IRC life, whether you like it or not - there
are traps out there that are set to cause you huge inconvenience, both
on and off IRC. We also aim to give you information about "packet
kiddies" who you may unfortunately come across who deliberately
disconnect you from the Internet.