Help, I've Been Hacked!
One of the most common things an IRCop on DALnet hears, especially when dealing with lost passwords, is "I've been hacked!". More often than not, the person they are speaking to has no idea what has actually happened; they simply assume they have been hacked because their nicknames and channels have gone and they haven't shared their passwords.
This, then, is a short guide to some of the ways you can lose passwords - what to watch out for, and what you can do to protect yourself on IRC.
Website Exploits
There are many websites being advertised on IRC all the time. Some are just being advertised to get great numbers of visitors, but many are actually malicious websites which will load scripts on to your computer without you even knowing about it if your Windows is not patched with the latest security updates. Often these will look like sex sites, or personal homepages and you may click on them, look at the site and think nothing more about it - but this is what may have really happened during that short visit you made:
- The site may have put a downloader on to your machine which will then go off, without your knowledge, and download a trojan to your PC.
- Without you knowing, a site may put a dialler on to your PC which will connect out to phone lines being charged at anything up to $60 a minute.
- The site may have downloaded a mIRC script to your machine in the background which will send out a bot to IRC to spam the site again, and send another bot to a hidden IRC server to be used to attack people, channels or servers.
- When looking at the site a script may have downloaded, without you knowing, which will relay every command you make to NickServ or ChanServ to a secret channel on IRC.
How to stop this:
- Make sure your Windows has the latest security patches; you can check this at Windows Update
- Change your security settings in Internet Explorer so that ActiveX and Java are not all set to 'enable' but to 'prompt' - and then manually refuse these scripts on any site you are not sure of
- Install a firewall which will block unknown connections and prompt you to allow connections out from your machine. A good, free and simple one is Tiny Firewall
- Make sure you have an up-to-date anti virus program like Norton and that you have it set to check all files, and emails, and that you update it once a week - anti-virus software is only as good as the latest update!
- Just don't go to sites you don't know! Most sites advertised on IRC are malicious in some way, so even if you think you are going to see a good sex site, resist the temptation and only visit sites you trust, given by people you trust
- Take the ActiveX exploit test on DALnet to see if you are secure
The Dangers of BNC
A lot of people like to use bouncers on IRC. Programs like BNC, Ezbounce and others provide a simple way to mask your real host (which stops attacks to your IP), and give the user a cool virtual host instead. Sounds like a win/win situation doesn't it - or does it? The problem with these bouncers is that, unless you own the shell account yourself, and it is on a reputable shell account provider, you simply can't trust them. Why? Because bouncers can log. If someone tells you they have a bouncer you can connect to, that bouncer may well be logging everything you type once you are connected to it - and that means you lose your passwords.
Nasty Net Cafes
Many people IRC from net cafes, especially if they are in a country where Internet connection is expensive, or hard to get hold of. The problem with net cafes is that many are not terribly well run and allow the users to download just about anything to the machines. The staff of DALnet often see users on net cafe machines which are riddled with trojans, bad scripts and keyloggers - and then those same users wonder why their passwords are stolen.
How to stop this:
- If possible, never identify to your nickname or channel whilst on a PC in a cafe
- Check with the cafe owner that he has up-to-date antivirus
- If the cafe allows you to install programs, try installing anti-spyware software to pick up any keyloggers
- Don't use any scripts already installed on mIRC
- Turn off logging in mIRC
IRC Tricks and Cons
There is a whole range of things that are done on IRC to steal passwords from people; these are just a few to beware of:
- Fake services that /msg or /notice you requesting you to do a command with your password in
- Fake IRCops who say they will mark your nickname if you give them the password - real IRCops never ask for your password and don't need to know your password to mark your nickname
- People who go to another network and DCC you as ChanServ or NickServ and ask you to identify - the real ChanServ and NickServ do not DCC
- Messages that say your nickname or channel will expire unless you identify to the person messaging very quickly
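The checks in the list above can be applied mechanically to the raw lines your client receives. The following is an added example, not part of the original guide: the services hostmask in `TRUSTED_SERVICES` is an assumption you should confirm with /whois, and the sample lines are constructed.

```python
import re

# Assumption: the user@host the genuine services show on this network.
# Confirm it yourself with /whois NickServ before relying on it.
TRUSTED_SERVICES = {"nickserv": "service@dal.net", "chanserv": "service@dal.net"}
PASSWORD_BAIT = re.compile(r"\b(identify|password|passwd|expire)\b", re.I)
LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!(?P<host>\S+) (?P<cmd>PRIVMSG|NOTICE) \S+ :(?P<text>.*)$")

def check_line(raw):
    """Return a list of warnings for one raw IRC protocol line."""
    m = LINE.match(raw.rstrip("\r\n"))
    if not m:
        return []
    nick, host, text = m["nick"], m["host"].lower(), m["text"]
    trusted = TRUSTED_SERVICES.get(nick.lower())
    verified = trusted is not None and host == trusted
    looks_like_service = nick.lower().endswith("serv")
    warnings = []
    # CTCP DCC requests start with byte 0x01; real services never send them.
    if text.startswith("\x01DCC ") and looks_like_service:
        warnings.append("DCC from a services-like nick: real services do not DCC")
    if trusted is not None and not verified:
        warnings.append("services nick with the wrong user@host")
    elif trusted is None and looks_like_service:
        warnings.append("lookalike services nick")
    # Password, identify or expiry talk from anyone who is not verified services.
    if PASSWORD_BAIT.search(text) and not verified:
        warnings.append("mentions passwords/identify/expiry, sender is not verified services")
    return warnings

# Constructed sample lines, not captured traffic.
SAMPLES = [
    ":NickServ!service@dal.net NOTICE Guest1 :If this is your nick, type /msg NickServ@services.dal.net IDENTIFY password",
    ":NickServ!bob@203.0.113.7 PRIVMSG Guest1 :\x01DCC CHAT chat 3405803783 4000\x01",
    ":N1ckServ!x@198.51.100.2 NOTICE Guest1 :Your nick will expire soon, identify to me now",
    ":friend!f@example.net PRIVMSG #chat :hello there",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_line(line) or "ok")
```

The password-bait rule is deliberately broad, so it will also fire on an ordinary user who merely mentions passwords; treat a hit as a prompt to stop and verify, not as proof.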
Terrible Trojans
A trojan is a malicious file which wraps itself up in an innocent looking file. Many trojans these days have an IRC component because IRC is an easy way for the people who spread trojans to control many PCs at once and use them to attack (these are called Distributed Denial of Service attacks), and also to spread the trojan further. A lot of these trojans will open up your PC so that other hackers can find it on a scan and start uploading even more nasty files to your computer that will make everything you store on, or type in to, your computer accessible to the hacker. Pretty soon your PC will become so loaded down with nasty files that you know nothing about, that it will be very slow and you'll wonder what has gone wrong.
How to stop this:
- Never download files from websites you don't trust
- Always have an up-to-date anti virus program scanning all your downloads
- Run a firewall to stop unknown connections in and out of your machine
- Get an anti-trojan program as a back-up to your anti-virus
- Again - never download and run unknown files!
Sneaky Scripts
Lots of us use scripts to protect our channels and automate many of the commands we do on IRC, however not all that many of us script ourselves or even know what a script does by the code. That is something that malicious scripters take advantage of. There are a number of very popular scripts out there which have 'backdoors' coded into them - ways for people to get your passwords off you that range from the complex, to something as simple as the script relaying whatever you type to a certain nickname or channel. Large mIRC scripting sites do not check the code for every script they host, so you can't assume that because you downloaded your favourite script from a well-known site, that the script is safe.
How to stop this:
- If you can script, write your own
- If you can't script, get someone who can to check the script you use for anything nasty
- Check with nohack.net, the website of #nohack who have a list of well-known bad scripts
- Ask someone in a position of trust, like an IRCop if they can recommend any good scripts
- Don't use a script at all - learn to write some simple aliases to automate the commands you use most often
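For anyone asked to check a script, a first pass can be automated. This added example (not part of the original guide) flags the simple relay pattern described above: a handler that forwards the text being handled to a hard-coded nickname or channel. The sample script and the name `#logchan` are constructed for illustration.

```python
import re

# A command segment that sends text: optional "/" or "." prefix, then the target.
SEND = re.compile(r"^\s*[/.]*(?:msg|notice|describe)\s+(\S+)\s+(.*)", re.I)
# $1, $1-, $2- ... stand for the text the handler was called with.
FORWARDED = re.compile(r"\$\d+-?")
# An event that fires on everything the user types into mIRC.
INPUT_HOOK = re.compile(r"^\s*on\s+[^:]*:input:", re.I)

def audit(script_text):
    """Return (line number, reason) pairs that deserve a manual look."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        if INPUT_HOOK.match(line):
            findings.append((lineno, "input-hook"))
        # Commands on one line are separated by "|" or wrapped in braces.
        # Brace-less one-line handlers are not split, but the input-hook
        # rule still flags them for review.
        for segment in re.split(r"[|{}]", line):
            m = SEND.match(segment)
            if not m:
                continue
            target, rest = m.groups()
            # $chan, $nick, $active are contextual targets; a literal nick,
            # channel or stored %variable receiving forwarded text is not.
            if not target.startswith("$") and FORWARDED.search(rest):
                findings.append((lineno, "relay:" + target))
    return findings

# Constructed sample: lines 1-2 show the relay pattern, lines 4-5 are benign.
SAMPLE_SCRIPT = """\
on *:INPUT:*:{
  if (identify isin $1-) { .msg #logchan $me typed: $1- }
}
alias say2 { msg $chan $1- }
on *:TEXT:!ping:#:{ msg $chan pong }
"""

if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE_SCRIPT):
        print(lineno, reason)
```

A clean result only means this one pattern was not found; the more complex backdoors mentioned above still need someone who can read the code.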
Useful Resources
Lastly, a list of resources which will help you to stay safe, and keep your passwords secure, on IRC:
© curve 2002