Author Topic: Firefox without NoScript dupes IRC-users  (Read 2722 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Firefox without NoScript dupes IRC-users
« on: February 01, 2010, 05:02:07 PM »
 Hi malware fighters,

A hole in Forefox has caused many IRC-channels to be overrun with spam. The vulnerability is actively being abused by hackers, that hide JavaScript in weblinks. As soon as the Fx-user will open this link, he will be forced to connect to an IRC-channel. Does avast webshield protect us here? Where IRC-users have Fx, the browser starts to spread spam throughout the channel. The attack has been going on now for a month and be causing a lot of trouble for especially the Freenode network. Many users are being banned through clicking a link to then flood and spoil a channel. http://encyclopediadramatica.com/Firefox_XPS_IRC_Attack

The malcode JavaScript abuses a Fx feature that sends data over various ports, ports that have nothing to do with normal browsing. By relaying the script via port 6667, users that click a link will automatically connect out to an IRC-server. The attacks does not function on Internet Explorer or Safari, but other browser might be vulnerable as well. Freenode says to be working on the problem and advises users to be carefull with opening URLs and visiting websites. I would say use NoScript extension inside Firefox and you won't have this and other javascript malcode problems.

VoIP
Security researcher Robert 'RSnake' Hansen calls the attacks "interprotocol exploitation." This sort of attack has been noticed for the first time to appear in the wild. "We have been discussing this for a long time that these attacks are possible. Browsers should not be able to make connections to nonHTTP-related ports." Also other internet technologies like session initiation protocol (SIP), used for Voice over IP, is vulnerable to this kind of abuse according to the hacker: http://www.theregister.co.uk/2010/01/30/firefox_interprotocol_attack/

polonus
« Last Edit: February 01, 2010, 05:22:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!