The official ezine of the DALnet IRC Network
October, 2002 Issue.

Letter from the Editor

Attacks Explained
- What DoS/DDoS Is

The Impact of Attacks
- The Impact of DDoS on Unrelated Targets
- A User Speaks - Mentality
- A User Speaks - Pagan999
- An Admin Speaks - Curve

Botnets
- Just What Is a Botnet?

How You Can Help
- The Internet – Is it safe? Are you aware?
- Protect Yourself
- Do You Have Information?
- The IIQ

Resources
- Useful Resources and Information

Past Issues
- Past Issues

    

Protect Yourself
By Curve

There are many practical things which you can do to make sure that you don't get your computer infected and become part of the botnet problem:

Website Exploits
There are many websites being advertised on IRC all the time. Some are just being advertised to get great numbers of visitors, but many are actually malicious websites which will load scripts on to your computer without you even knowing about it if your Windows is not patched with the latest security updates. Often these will look like sex sites, or personal homepages and you may click on them, look at the site and think nothing more about it - but this is what may have really happened during that short visit you made:

  • The site may have put a downloader on to your machine which will then go off, without your knowledge, and download a trojan to your PC.
  • Without you knowing, a site may put a dialler on to your PC which will connect out to phone lines being charged at anything up to $60 a minute.
  • The site may have downloaded a mIRC script to your machine in the background which will send out a bot to IRC to spam the site again, and send another bot to a hidden IRC server to be used to attack people, channels or servers.
  • When looking at the site a script may have downloaded, without you knowing, which will relay every command you make to NickServ or ChanServ to a secret channel on IRC.
How to stop this:
  1. Make sure your Windows has the latest security patches, you can check this at Windows Update
  2. Change your security settings in Internet Explorer so that ActiveX and Java is not all set to 'enable' but to 'prompt' - and then manually refuse these scripts on any site you are not sure of
  3. Install a firewall which will block unknown connections and prompt you to allow connections out from your machine. A good, free and simple one is Tiny Firewall
  4. Make sure you have an up-to-date anti virus program like Norton and that you have it set to check all files, and emails, and that you update it once a week - anti-virus software is only as good as the latest update!
  5. Just don't go to sites you don't know! Most sites advertised on IRC are malicious in some way, so even if you think you are going to see a good sex site, resist the temptation and only visit sites you trust, given by people you trust
  6. Take the ActiveX exploit test on DALnet to see if you are secure


Terrible Trojans
A trojan is a malicious file which wraps itself up in an innocent looking file. Many trojans these days have an IRC component because IRC is an easy way for the people who spread trojans to control many PCs at once and use them to attack (these are called Distributed Denial of Service attacks), and also to spread the trojan further. A lot of these trojans will open up your PC so that other hackers can find it on a scan and start uploading even more nasty files to you computer that will make everything you store on, or type in to your computer accessible to the hacker. Pretty soon your PC will become so loaded down with nasty files that you know nothing about, that it will be very slow and you're wonder what has gone wrong.

How to stop this:

  1. Never download files from websites you don't trust
  2. Always have an up-to-date anti virus progam scanning all your downloads
  3. Run a firewall to stop unknown connections in and out of your machine
  4. Get an anti-trojan program as a back-up to your anti-virus
  5. Again - never download and run unknown files!


Sneaky Scripts
Lots of us use scripts to protect our channels and automate many of the commands we do on IRC, however not all that many of us script ourselves or even know what a script does by the code. That is something that malicious scripters take advantage of. There are a number of very popular scripts out there which have 'backdoors' coded into them - ways for people to get your passwords off you that range from the complex, to something as simple as the script relaying whatever you type to a certain nickname or channel. Large mIRC scripting sites do not check the code for every script they host, so you can't assume that because you downloaded your favourite script from a well-known site, that the script is safe.

How to stop this:

  1. If you can script, write your own
  2. If you can't script, get someone who can to check the script you use for anything nasty
  3. Check with nohack.net, the website of #nohack who have a list of well-known bad scripts
  4. Ask someone in a position of trust, like an IRCop if they can recommend any good scripts
  5. Don't use a script at all - learn to write some simple aliases to automate the commands you use most often




©Emma/Curve 2002

Note: Views expressed here may not be those of the DALnet IRC Network.
layout, design, images and contents copyright © 2001-2002 by the DALnet IRC Network Zine Team <zine@dal.net>