Wednesday, August 29, 2007

Security: script kiddies have switched to IPv6

My 101st post - wow! Anyway, it seems like (mirc) script kiddies have decided to play with IPv6 from now on:

Free4U! MSG!#romania
Just Free!!! http://1050180165/horde/config/update/
(where filename = update-vista.scr)

Notice the "1050180165". The IP is the new shiny IPv6 (click to read more about it on Wikipedia). The file is a trojan mirc script, allowing the controller to do whatever he wants with your PC. Imposing as a "microsoft vista update", the controller will probably have several hits. Fortunately, it's detected as Parite.B by most antivirus vendors, as tested in Virustotal.

The IPv6 will be a problem to be detected by some IRC channel protection scripts. Thankfully, without the http:// part, it is not clickable, therefore not easy for the newcomers to copy&paste.

No comments: