IRC Viruses
Created | Updated Jan 17, 2003
This is a work in progress entry. Please feel free to contribute!
A virus is, in the context of computing, a replicating program designed for self-propagation. A virus may also have other functions, such as erasing data or, in the case of trojans and worms, collecting passwords and enabling someone else to control the affected computer.
What do viruses have to do with IRC?
IRC is a real-time chat system which also has the ability to send files; as such, it is an ideal environment for the distribution of viruses. You can find out more about IRC here.
Every day on the IRC networks of the world, thousands of virus infected computers attempt to transmit their virus to other computers connected to the network in several different ways.
Direct Send
IRC has the facility to let you send files to other users. This can be very helpful when you wish to do something like send a friend a picture of somewhere you have visited, or wish to download a movie from an IRC fileserver. However, infected computers may attempt to send you files which will affect your computer - they will do this without asking. You may see an invitation to accept a file send for the file 'simpsonsclips.rm.js', which may look like fun but is actually a virus-loaded file - run it and your computer will be affected too.
Infected URLs
Some viruses, once they have infected a computer, cause you to send URLs to other users. These URLs, when viewed, may attempt to send you a virus which will then infect you and cause you to send URLs to other users as well.
$decode
The $decode family of viruses only affects the mIRC client. They take advantage of an identifier in mIRC (the $decode identifier) which allows an instruction to be encrypted. You are sent a message which tries to trick you into running a command containing a $decode string, which then downloads a file to infect your system.
How to reduce the risk of infection
There are several things that you can do to reduce your risk of infection whilst connected to an IRC network:
Do not auto accept files! - you can turn this off in the options menu of your IRC client.
Do not accept files from people you do not know. Even if you do know them, be cautious.
Never run any file without checking its file extension. A file like afilename.txt is totally harmless, however afilename.txt.js is not. (.js denotes that the file is a JavaScript file.) Any 'active' file like an executable (.exe), a DLL (.dll) or even a Word file (.doc) can contain a virus, whilst 'passive' files cannot, for example RealMedia (.rm) and bitmap (.bmp) files. If you are not certain the file is passive, do not run it.
Do not visit any URLs that are privately sent to you without explanation. Infected hosts may have a script set up to automatically send messages to other users containing infected URLs to visit.
Never type in a command like /run or /dll when asked, ever. These commands are used to access system functions, like rebooting your computer or downloading a file from a webserver.
Never run a command you do not understand. You can always use /help (command name) to find out what the command does before you run it.
Do not use mIRC. Most of the viruses and exploits circulating on IRC are specific to the mIRC client; you can take advantage of security through obscurity and use a client like XChat, which will not be affected by many of these problems.
Use UNIX, or any other non-Windows operating system. How many UNIX viruses have you heard of?
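The checks in the list above can also be applied mechanically to incoming traffic. The following Python filter is an added example, not part of the original entry: it flags file offers, command lures and private URLs in raw IRC lines. The name check_line, the extensions beyond .js, .exe, .dll and .doc, and the sample traffic are assumptions made for the illustration.

```python
import re

# Extensions the entry calls 'active' (.js, .exe, .dll, .doc); the rest of this
# set is an assumption added for the example, not a list from the entry.
ACTIVE_EXT = {"js", "exe", "dll", "doc", "vbs", "scr", "pif", "bat", "com"}
# CTCP DCC SEND offer: \x01DCC SEND <filename> <ip> <port> [size]\x01
DCC_SEND = re.compile(r'\x01DCC SEND (?:"([^"]+)"|(\S+)) \d+ \d+(?: \d+)?\x01')
# Commands and identifiers the entry warns about when they arrive in chat text.
RISKY_TEXT = re.compile(r"\$decode\s*\(|(?<!\S)/{1,2}(?:run|dll)\b", re.IGNORECASE)
URL = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)

def check_line(raw, known_nicks=frozenset()):
    """Return a list of warning strings for one raw IRC PRIVMSG line."""
    m = re.match(r":([^!\s]+)\S* PRIVMSG (\S+) :(.*)$", raw)
    if not m:
        return []
    sender, target, text = m.groups()
    warnings = []
    dcc = DCC_SEND.search(text)
    if dcc:
        name = dcc.group(1) or dcc.group(2)
        parts = name.lower().split(".")
        if sender not in known_nicks:
            warnings.append("file offer from unknown nick")
        if len(parts) > 1 and parts[-1] in ACTIVE_EXT:
            warnings.append("active file type ." + parts[-1])
            if len(parts) > 2:
                warnings.append("double extension hides real type")
        return warnings
    if RISKY_TEXT.search(text):
        warnings.append("message asks you to run a command")
    # A private message is addressed to a nick, not to a #channel or &channel.
    private = not target.startswith(("#", "&"))
    if private and sender not in known_nicks and URL.search(text):
        warnings.append("unsolicited private URL")
    return warnings

# Constructed sample traffic (nicks, hosts and addresses are made up).
SAMPLES = [
    ":bart!u@host.example PRIVMSG me :\x01DCC SEND simpsonsclips.rm.js 3232235777 1024 4096\x01",
    ":anna!u@host.example PRIVMSG me :\x01DCC SEND holiday.bmp 3232235777 1025 20480\x01",
    ":x!u@host.example PRIVMSG #chat :for ops type //run $decode(PLACEHOLDER,m)",
    ":y!u@host.example PRIVMSG me :look http://site.example/pics",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_line(line, known_nicks={"anna"}))
```

The filter only looks at names and message text, so a clean result does not mean a file is safe to run; the advice above still applies.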