Re: IRC script trojan with Unix based clients

Paul Roberts (proberts@mimscorp.com)
Mon, 02 Jun 1997 10:10:01 -0600

On 31 May 97 at 1:03, Lista de securitate wrote:

> Some versions of a very popular (at least in Romania) irc script
> (Atlantis) are trojan horses which implement new ctcp commands which allow
> other people on the irc world to execute irc commands in your client

To keep this short, trojan horses inside ircII scripts are nothing
new. In fact, several scripts go to great lengths to point out that
unless you get them from their proper distribution site you could
wind up with a 'hacked' copy of the script.

*No* versions of Atlantis /normally/ come with this jupe-hole. The
'backdoor' is something that was installed into the script by another
person (other than Dethnite) in hopes of being able to gain control
over other users' client software. These types of backdoors are
fairly easy to spot with a few simple searches through the source
code. Some other (more popular) text patterns to search for would be
'/etc/passwd', and 'rhosts'. ;)

> other atlantis versions seem to be affected as well. The only version that
> is clean is version 1.1. The BitchX client also "supports" the trojan.

Now this is just plain foolishness. ;) 1.1 is an ancient copy of
the script, and the other two versions are 1.2a, and 1.3. The 1.2b
was something that was just put in there to be a dead giveaway by
whomever hacked the script. If anyone needs them, I can arrange for
*clean* copies of any ircII script you'd care to use, and show folks
how to go through and find any holes people other than the authors
may have installed.

As far as setting up ircII for a whole system is concerned, it's
probably a safe bet that if you wanna keep things completely secure
(i.e., protect the clueless from themselves) you at least need to
disable /exec, but the /dcc commands are fairly safe ground. I would
strongly suggest implementing a global .ircrc that will load either
Phoenix 3.0 or Atlantis 1.3 when a user starts ircII, because both of
these scripts pretty much cover all the bases--friends lists,
flood-protection, handy aliases, etc.
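The source-search approach the reply describes (a few simple grep patterns such as '/etc/passwd' and 'rhosts', plus the /exec command it says a system-wide setup should disable), written out as a small sh script. This is an added example and is not code from the thread or from the Atlantis or Phoenix scripts; the sample .irc files, their names and the handler named DOIT are constructed for the demonstration, and the pattern list is an assumption about what a reviewer would start with.

```shell
#!/bin/sh
# Added example, not from the original post: sweep ircII script files for
# the text patterns the reply suggests ('/etc/passwd', 'rhosts'), for /exec,
# and for CTCP handlers that pass their trailing arguments on, which is the
# shape of the "new ctcp commands" the thread describes.

# Write two constructed sample scripts into a temp dir and print its path:
# an ordinary-looking one, and one carrying lines a reviewer should question.
make_samples() {
    sample_dir=$(mktemp -d)
    cat > "$sample_dir/clean.irc" <<'EOF'
# constructed sample: ordinary ircII aliases and a CTCP VERSION reply
alias j join
alias m msg
on ^ctcp "% % VERSION" { ctcp $0 VERSION ircII client }
EOF
    cat > "$sample_dir/hacked.irc" <<'EOF'
# constructed sample: same front, plus lines that do not belong in a script
alias j join
on ^ctcp "% % VERSION" { ctcp $0 VERSION ircII client }
on ^ctcp "% % DOIT *" { $3- }
alias showpw exec cat /etc/passwd
alias showrh exec cat ~/.rhosts
EOF
    echo "$sample_dir"
}

# Print file:line:text for every line matching a suspicious pattern.
# The last alternative flags any ctcp handler that forwards "$N-" (args N
# onward) to something else; "$0" alone, as in a VERSION reply, is not hit.
scan_script() {
    grep -n -i -E 'exec|/etc/passwd|rhosts|ctcp.*\$[0-9]+-' "$1"
}

# Print the number of suspicious lines in one script (0 for a clean one).
suspicious_count() {
    scan_script "$1" | wc -l | tr -d ' '
}

# Print the path of every .irc file under a directory that has any hit.
flag_scripts() {
    for f in "$1"/*.irc; do
        if [ "$(suspicious_count "$f")" -gt 0 ]; then
            echo "$f"
        fi
    done
    return 0
}

# Stand-alone run: build the samples, then list and show what was flagged.
demo_dir=$(make_samples)
for f in $(flag_scripts "$demo_dir"); do
    scan_script "$f"
done
```

Treat the output as a reading list rather than a verdict: a hit on `exec` in a script that legitimately shells out is normal, while a CTCP handler that hands its arguments straight on is exactly what the thread's "new ctcp commands" look like and should be read line by line against a copy from the script's proper distribution site.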