CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 29th, 2010

Firefox-based Attack Abuse IRC Networks

Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.

Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month.

“Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network,” one of the hackers, who goes by the moniker Weev, said. “We get his huge rollover effect.”

He added: “We got the the people who run Freenode to actually k-line each other,” a reference to the process of banning a user from an IRC server for spamming or other inappropriate actions.

The malicious javascript exploits a feature that allows Firefox to send data over a variety of ports that aren’t related to web browsing. By relaying the scripts over port 6667, users who click on the link automatically connect to the IRC server and begin spewing a tirade of offensive text and links. The attack doesn’t work with Internet Explorer or Apple Safari, but “might” work with other browsers, Weev said.

IRC channels such as Efnet and OFTC have managed to block the attacks, but at time of writing Freenode operators were still struggling to repel them.

“While we are doing what we can to mitigate the spam, we would ask that you take a careful look at any unusual sites or URLs you might visit in the near future to be sure you are not being tricked into visiting such a site,” a note on Freenode’s website read. Representatives of the network didn’t respond to an email seeking comment.

Security researchers have long known that it’s possible to abuse features designed to make browsers work seamlessly with other internet applications. Web security expert Robert “RSnake” Hansen calls the technique “interprotocol exploitation.”

“It’s the first time I’ve actually seen it used in the wild,” he said. “We’ve been theorizing this attack was possible for some time. Browsers absolutely should not be able to connect to ports unrelated to HTTP.”

Hansen said other internet technologies, such as the Sip protocol for voice over IP, are also ripe for abuse.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Login And Password Stealing Trojan Masquerades As Firefox Plug-in
  • Music Industry Sites DDoSed By Hacktivists To Support Pirate Bay
  • Serious Security Flaw In Firefox 3.0.7, Exploit Already Available
  • Attack Code For Mozilla’s Firefox Zero-day Vulnerability Released By Researcher
  • Password Bug Fixed Sooner Than Expected in Firefox 3.0.3

    • Posted in Software, Spam, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Friday, January 29th, 2010 at 6:57 pm and is filed under Software, Spam, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Firefox-based Attack Abuse IRC Networks

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »