IRC News

All about Internet Relay Chat

mIRC 6.32 Released

Version 6.32 of what is probably the most popular IRC client was released yesterday.

“This version of mIRC builds on recent releases by focusing on stability and reliability and addressing the various issues that have been reported by users since the last release. It includes cosmetic changes to the interface, fixes, optimizations, and improvements to the scripting language,” the mIRC website reports.

Some of the major changes include longer nicknames, channel names and messages as well as longer variables in scripting. Other changes include:

* Added support for network-specific window position saving.

* Fixed mouse wheel handling of scrolling with high resolution mice.

* A “Check for Updates” option has been added to the mIRC Help menu to automatically check for new versions of mIRC.

* Optimized INI file handling to only update those parts of a file that have changed. This decreases file writes and speeds up a number of features in mIRC, including USB drive usage.

* Improved display speed of text in all windows.

* Fixed multi-byte text-wrapping display issues.

* Fixed and optimized a number of @window display features, including the way tabstops are handled.

* Improved unicode support in the $mp3() identifier.

“In total there have been over 50 changes to this version and although most of them are only small fixes and tweaks, we hope that they result in a more useful and stable mIRC for you.”

mIRC(.com) Gets a New Face

I can’t remember the logo of the most popular IRC client ever having had an upgrade or restyling. It has happened now, however: not a radical change, but one into an extra dimension, making it 3D.

In 3D, with a few gradients, the logo got itself an update. The program itself also got an update, to version 6.31. “For scripters, we hope you like the changes to the script editor. The interface has been improved, it is now cleaner and easier to read, we added Check Bracket/Sort Variables items to Edit menu, line numbers to the margin, and enter/home key indentation support. The editor also no longer flickers when resized”, the website reports. Speaking of which, the website got an overhaul as well and matches the new design.

Other changes listed:

* A “Hide tips when locked” option to the lock dialog,

* An SSL option to automatically accept invalid certificates,

* Tips now shade each alternate message that is added to an existing tip to make it easier to distinguish individual messages,

* When bars are locked the drag bars are now hidden from view,

* Changed behaviour of “Hide minimized desktop windows” option so that query, message, and chat windows remain visible when they are first opened minimized on the desktop.

You can download mIRC here.

Drones, a Continuous Problem for Small Networks

In February 2006 IRC-Junkie featured an article titled “Help! My Network is in Servers.ini!”. In short, the article describes one of the problems small networks face when they become listed in mIRC’s servers.ini.

One of the major drawbacks is that it is not only humans who use this file: downloading an up-to-date servers.ini is also one of the first things a newly installed drone does. Attracting drones is therefore one of the side effects of being listed, and it can cause a lot of problems that eat up valuable resources, which are often not in abundance on small networks anyway.

The Beirut IRC Network, for example, started to gline about 1000 IPs a day when it first got listed in servers.ini.

Tjerk Vonck, webmaster of, denied knowledge of any drone issues concerning servers.ini: “No. And really, I doubt there is such a problem”, he replied to IRC-Junkie.

Today IRC-Junkie received an email from SanitariuM, who wrote an mIRC script that can gline drones on connection. “Those numbers for those bear drones, as I can verify with sources, have grown to over 2 MILLION unique IP’s per year. Divide this out and it’s almost 5,500 drones with unique IP’s per day on each network. Each bot sends out at *least* 10 spams, so that’s 55,500 spams per day”, he writes.

Although drone nets increasingly make use of other protocols such as HTTP and P2P-type networks, they continue to plague IRC networks.

SanitariuM also brings a bit of good news, however. “There are several ways you can detect and gline these things with 100% accuracy on connection. I’ve written a universal mIRC addon that’ll work on *any* network to pattern detect and gline these. Instructions for setup are very simple… change a syntax or two, oper it up, and away it goes.”

To avoid giving away the pattern and making the malicious users running the drones aware of how they are being caught, SanitariuM only gives out the mIRC script after validating the user requesting a copy, and only after initial contact has been made in one of two channels. These can be found on Undernet (#SSnD) and DALnet (#Snoop).

IRC-Junkie advises common sense when loading scripts into any IRC client. If you are going to load a script not written by yourself, and you don’t possess the knowledge to check it yourself, let someone else do it. This applies especially if it is going to run on an opered client on a production network.

edit (13:00): 55,000 spamposts instead of 15,000, changed on request of SanitariuM (which I just quoted without checking the math ;) )

Help! My Network is in Servers.ini!

Because it was assumed to be a commonly known fact, this was never reported before on IRC-Junkie. But as I had contact over the past few weeks with several smaller IRC networks, it became clear that not many small networks with servers.ini aspirations realize the potential negative effects of being listed in the world’s largest IRC server list.

It is not just humans that make use of this extensive list of IRC networks. You might remember the Fizzer worm, which caused havoc on IRC networks in 2003. That worm created such problems that a special task force, named IRC Unity, was created to tackle the problem. On their website we can read: “irc/unity was formed in May 2003 as a direct result of what was known as the “fizzer crisis”. In early May, the Fizzer worm was becoming a problem for IRC Networks around the world. This was due to the fact that it had a built-in list of IRC servers to connect to, gathered from the mIRC servers.ini file.”

In the last servers.ini update the Beirut IRC Network got listed for the first time. Within a few days I got this email from Nat, who is handling the PR for the network: “Since we got added on servers.ini we are invaded by Turkish porn spambots. We are daily glining about 1000 IPs. Our boys, with aid of an Undernet scripter, finally started to control the situation, made a script and it started glining them before they reach the channels.”

Among abuse-exploit team members the use of servers.ini by drones and spambots is a known problem. An Undernet abuse-exploits team member who wishes to remain anonymous gives an example. “GTBot (an mIRC client with added backdoors and *.ini files) uses the servers.ini file from mIRC. A GTBot spreads by advertising (amongst others) a URL to other users. (Example: hey look at me in the nude @ http://ip-number-here/me-nude.jpg, which is in reality an EXE file.) It (ab)uses the servers.ini file to go to all networks it contains.”

IRC-Junkie asked Tjerk Vonck, who is the webmaster of if he is aware of the problem. “No. And really, I doubt there is such a problem”, he replied.

“Making the servers.ini file for non-humans hard to download does not solve this situation”, the Undernet abuse-exploits team member explains. “The abuser could manually download the ini, and put it on his own website.” Tjerk agrees as well: “Especially not since the ini hardly changes over time, so any old copy would do perfectly fine, for normal users, and the drones you’re looking for.”

It seems that, for now, IRC networks with servers.ini aspirations had better realize that being listed can potentially have unwanted side effects.

mIRC Local DCC Issue: Exploit, Vulnerability or Neither?

mIRC has seen issues with DCC exploits in the past. In December of last year another possible exploit/vulnerability was announced on SecurityFocus, which IRC-Junkie initially decided not to post about since its significance was so minor. However, this issue now seems to be ruffling feathers across several forums.

The issue is described as a local mIRC buffer overflow initiated over DCC. “The code executed are with current user privileges, anyway this bug could be dangerous in universities, cyber coffees, schools and any location with restrictions. Adding/editing filters to locate the specified folder for the files”, the announcement on SecurityFocus reads.

A few days ago this thread popped up on mIRC’s forum. Khaled, coder of mIRC, edited the first post containing a URL to the C proof-of-concept code, with the text:

“As far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC. The author of the report seems to have over-complicated his report by saying that any malicious software on your computer can modify your mIRC settings to cause mIRC to crash. But if you have malicious software on your computer, you’ve already compromised your security…”

Crowdat Kurobudetsu, the original author of the report at SecurityFocus, emailed Khaled on the 29th of November last year but got no reply. He eventually posted the report on the 20th of December 2005.

mIRC versions vulnerable to this local issue include the latest version 6.16. Although the severity of this issue seems minimal, the general consensus seems to be a desire for this bug to be fixed.

edit: A reliable source that wishes to remain anonymous told IRC-Junkie that currently a new version (version numbered 6.17) is being tested that might fix this issue.