IRC-Junkie.org – IRC News

All current versions of the KVIrc IRC client contain a remotely exploitable command execution vulnerability, including builds of KVIrc 4 from subversion up to revision 4692 as well as the older 3.x versions.

The bug, triggered by inserting carriage returns (r) into DCC GET commands, can be used to execute every command the IRCd understands in the context of the user running the vulnerable client instance.

To check if your version is exploitable you can either take a look at the “About KVIrc” tab under “Help” and check the revision or execute the following command on IRC:

Syzop of the UnrealIRCd project just posted an announcement on their mailinglist and forums that some versions of their IRCd have been compromised and had a backdoor added which went unnoticed for quite a while.

The first signs of the compromise have been traced back to November 2009 and Syzop writes that “Any Unreal3.2.8.1.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check”.

Researchers of the TU Wien (Vienna University of Technology, Austria) achieved a stunning – and at the same time scary – 76,1% click rate on possibly malicious links in conversations that took place on IRC using an automated social-engineering software dubbed “HoneyBot”.

Their new approach to automated social engineering (“ASE”) does not rely on artificial conversations from an AI but instead used the bot to relay messages between humans, effectively avoiding detection according to what is commonly referred to as “Turing Test” in which humans assess if they can tell apart that they are talking to a human or a computer program of sorts. Previous generations of such bots used an AI called “Artificial Intelligence Markup” to engage in conversations with a much lower success rate: Users where able to spot 80% of the bots after exchanging only 3 messages with them.

In a posting on the UnrealIRCd project website, coder Syzop announced a module that can help mitigate and completely stop the so-called “Firefox XPS Attack” (NSFW link).

The attack, which exploits the fact that malicious JavaScript can send arbitrary data to a wide range of ports, gained publicity when it was used against the freenode network over a period of a few weeks.

Even though the Mozilla project has a blocklist of ports that are specifically not allowed to be communicated to, the port commonly used by IRC networks (6667) was not on those lists.

Yesterday a group consisting of major Australian ISPs – amongst them are Optus, Telstra, Vodafone, AAPT, Virgin, Hutchison 3G as well as Facebook, Google and Microsoft – announced that they prepare “a voluntary industry code to come into force this year” which could mean that “Computers infected with viruses could be “expelled” from the internet”.

The Internet Industry Association, which is made up of over 200 ISP and IT-related companies, is preparing that code in response to an ultimatum of the federal government.