irc.efnet.nl
Security Information and Warnings
This page details current security warnings for users of irc.efnet.nl,
as well as basic security information.
Why should I care about security?
If your system becomes compromised, an attacker would have full access to your
computer. This means they can do anything you can do: access your files, scan
for more systems to attack, perform denial of service attacks on other systems,
delete your files, and more. Even if you have nothing on your system worth protecting,
compromised systems are often used to attack other systems, making YOU appear
to be responsible for the attacks, and potentially exposing you to criminal
or civil action.
Recently, large networks of compromised systems have been used to devastating
effect in attacks against the DalNet IRC Network. These attacks have at times
completely crippled DalNet, and have caused many servers to leave. EFNet and
other large networks have experienced similar events in the not-too-distant past.
These days, large-scale attacks usually rely on networks of compromised systems,
as the systems of end-users are almost always poorly protected. By taking the
time to secure your system against intrusion, and by reacting correctly in the
event that your system IS compromised, you prevent yourself from becoming an
unwilling participant to these and other attacks.
Currently Widespread Threats
- Various security vulnerabilities in Microsoft Windows - Please be sure to
check for and apply security patches from http://windowsupdate.microsoft.com
on a regular basis, or consider enabling automatic updates under Windows XP.
- mIRC 6.x versions prior to 6.03 are vulnerable to a number of bugs, which
in conjunction with certain scripts or with malicious IRC servers could pose
a denial of service or remote code execution threat. Upgrade to the latest version
at http://www.mirc.co.uk to protect yourself from these threats.
- Windows 2000/XP systems with no administrator password set - Many computer
vendors which preinstall Windows 2000 and Windows XP ship systems with a blank
administrator password. This potentially allows anybody to remotely access
the system with administrator privileges. A number of services through which
this access can be exploited are enabled by default under these operating
systems, so any system with a blank administrator password is WIDE OPEN to
exploitation. Note that you won't be able to see the administrator account
in the user accounts screen under Windows XP; on these systems you should
use Computer Management to set a password for the administrator account. Also,
under Windows 2000 and XP, disable the guest account as well as any other
account without a password.
- $decode() trojans - Many clients are onjoin spamming messages
like "To get ops type //$decode(blah blah blah) in the channel, but
SHH!". When typed into mIRC, these lines insert a small backdoor script
into your client, causing it to try to spread the trojan further without your
knowledge, and allowing an attacker full access to your computer.
- Web page trojans - There are web sites being advertised on IRC which contain
exploits for various client security holes. These exploits will insert a backdoor
into your computer, and your system will be used to spam the exploit's web
site, thus infecting others. Don't go to web sites being advertised
by channel bots, or at least check out the source of the page with
SamSpade (http://www.samspade.org/t/safe) first.
- Onjoin file sends - almost always trojans. Don't take any file you didn't
ask for.
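A way to see what a `//$decode(...)` lure like the one in the $decode() item above hides, without typing it into mIRC. This is an added example, not part of the original page; it assumes the lure uses $decode's m (MIME/base64) switch, and the nicknames, log lines and encoded text are constructed.

```python
import base64
import binascii
import re

# $decode(<data>[,<switches>]) as it appears inside an IRC message.
DECODE_RE = re.compile(r"\$decode\(\s*([^,()\s]+)\s*(?:,\s*([a-z]+)\s*)?\)", re.I)

def inspect_line(line):
    """Return one finding per $decode() call in a line; nothing is executed."""
    findings = []
    for m in DECODE_RE.finditer(line):
        data, switches = m.group(1), (m.group(2) or "").lower()
        decoded = None
        if "m" in switches:  # assumption: lure uses the 'm' (MIME/base64) switch
            try:
                decoded = base64.b64decode(data, validate=True).decode("latin-1")
            except (binascii.Error, ValueError):
                decoded = None  # not valid base64: report it undecoded
        findings.append({
            # "//" directly before $decode makes mIRC evaluate the identifier
            "double_slash": line[max(0, m.start() - 2):m.start()] == "//",
            "encoded": data,
            "decoded": decoded,
        })
    return findings

def scan(lines):
    """Return (line_number, finding) for every $decode() call in a log."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in inspect_line(line)]

# Constructed sample log; the encoded text is a harmless placeholder string.
HARMLESS = "echo -a constructed sample payload"
SAMPLE_LOG = [
    "<alice> anyone know when the next release is?",
    "<helper99> To get ops type //$decode(%s,m) in the channel, but SHH!"
    % base64.b64encode(HARMLESS.encode()).decode(),
    "<helper98> type //$decode(!!!,m) for voice",
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        shown = f["decoded"] if f["decoded"] is not None else "<could not decode>"
        print("line %d: double_slash=%s hidden text=%r" % (n, f["double_slash"], shown))
```

Any line this reports should be treated as a lure: the decoded text is what mIRC would have run as a command.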
Preventing Infection
- Remember that many trojans and viruses are spread via downloaded files -
don't download a file unless you both trust the sender and know what the file
is.
- Install a virus scanner and keep it up to date. Use the configuration
instructions at www.hackfix.org to make sure it is set up properly.
- Strongly consider using a trojan scanner as well.
- Strongly consider using a firewall - preferably a dedicated
hardware firewall or a NAT router configured as a firewall. Personal
firewalls are better than nothing, however, they have some limitations
and flaws. If you use a personal firewall, please don't harass providers'
abuse departments with every "alert" message that it generates.
Also remember that a personal firewall depends on your own computer for security.
If your computer's security is compromised by running malicious software,
that software may be able to circumvent your firewall.
- Don't depend on a firewall for security. A firewall should
be considered another layer in an overall security strategy, and can be very
effective, but you should continue to use other security measures as if the
firewall wasn't there.
- Shut down services you don't use. If you are actively using IIS or Personal
Web Server which ship with many versions of Windows, strongly consider replacing
it with another web server unless you are using and depending on IIS specific
features.
- WINDOWS USERS - KEEP UP TO DATE WITH WINDOWS SECURITY PATCHES - Yes, this
takes time, but by going to http://windowsupdate.microsoft.com
frequently, you can fix many of the security holes which viruses, trojans,
and worms depend on to operate. You may also wish to install Critical Update
Notification for versions of Windows before Windows XP, or turn on Automatic
Updating under Windows XP.
- Users of other operating systems should keep up with security patches issued
by their operating system vendor.
- Consider subscribing to various security mailing lists to receive alerts of
new security threats. Microsoft, CERT, and many software/operating system
vendors all have security mailing lists, which will often give you early warning
of new threats, and a chance to fix security holes in your system before they
are used against you.
- Read this document, and try to implement its recommendations: http://www.cert.org/tech_tips/home_networks.html
Other Resources
$Id: security.php,v 1.3 2003/02/24 11:37:06 jrollyson Exp $