Security experts have warned that a wave of hack attacks is striking tens of thousands of PCs via instant messenger (IM) or Internet Relay Chat (IRC) clients, using nothing more high-tech than old-fashioned social engineering.
Hackers are using automated tools to send messages to random IM and IRC users, offering them a piece of software they might want or need, such as antivirus protection, improved music downloads or pornography, according to an advisory posted on Tuesday by CERT, a U.S. government-funded security research body.
When the file is downloaded, however, it turns out to be malicious software that may expose confidential data or allow a hacker to take control of the victim's PC to help attack other Web servers, in what is known as a distributed denial-of-service (DDoS) attack.
A sample message runs as follows: "You are infected with a virus that lets hackers get into your machine and read ur files, etc. I suggest you to download (malicious url) and clean ur infected machine. Otherwise you will be banned from (IRC network.)"
The downloaded software allows the hacker to take remote control of the victim's system, exposing confidential data, installing other malicious programs, and changing or deleting files. It also can co-opt the system into a DDoS attack, which uses a large number of computers distributed over the Internet to overload a target Web server with traffic, slowing or halting ordinary service on that Web site.
CERT recommends keeping antivirus software up to date, as well as general caution about downloading unknown files. "Users of IRC and IM services should be particularly wary of following links or running software sent to them by other users, as this is a commonly used method among intruders attempting to build networks of DDoS agents," Householder wrote.
News source: ZDNet News
View: CERT® Incident Note IN-2002-03 - Social Engineering Attacks via IRC and Instant Messaging