Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: mIRC Worm

Re: mIRC Worm

Nigel Reed (nigelrNELGIN.RSN.HP.COM)
Thu, 18 Dec 1997 11:47:34 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Len Charest: "Re: CGI security hole in EWS (Excite for Web Servers)"
Previous message: Aleph One: "Sun Security Bulletin #00161"
In reply to: Aleph One: "mIRC Worm"
Next in thread: Paul Wilson: "Re: mIRC Worm"

It might also be worth pointing out how to get rid of the
script.ini program in the first place for those who are
not sure.

Load up mIRC

/remote off
/unload -rs script.ini
/remove script.ini
/sreq ask
/remote on

The defaults for mIRC ARE safe. They require the user accept the
file. Everyone should be aware not to accept files which are from
an unknown or dubious source. The rule applies for http and ftp
so IRC/DCC is no different.

This problem is also addressed in mIRC 5.3 which will remove
script.ini and it also creates a new download directory for
the user. Basically protecting the user against themselves.

As for mIRC being a mess, I can say the same about ircii, but we wont
go into that now.

Regards
Nigel
--
Nigel Reed                       Pager: 214 322 6311 Enter area code +number
Consultant  Work: 972 497 4877   Home Email: nigelnelgin.cmpu.net
HP Convex Division, 3000 Waterview Parkway, Richardson, Tx, 75080

Next message: Len Charest: "Re: CGI security hole in EWS (Excite for Web Servers)"
Previous message: Aleph One: "Sun Security Bulletin #00161"
In reply to: Aleph One: "mIRC Worm"
Next in thread: Paul Wilson: "Re: mIRC Worm"