Feeds

Firefox-based attack wreaks havoc on IRC users

World's first inter-protocol exploit, but not the last

Choosing a cloud hosting partner with confidence

Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.

Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month.

"Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network," one of the hackers, who goes by the moniker Weev, told The Register. "We get this huge rollover effect."

He added: "We got the the people who run Freenode to actually k-line each other," a reference to the process of banning a user from an IRC server for spamming or other inappropriate actions.

The malicious javascript exploits a feature that allows Firefox to send data over a variety of ports that aren't related to web browsing. By relaying the scripts over port 6667, users who click on the link automatically connect to the IRC server and begin spewing a tirade of offensive text and links. The attack doesn't work with Internet Explorer or Apple Safari, but "might" work with other browsers, Weev said.

IRC networks such as Efnet and OFTC have managed to block the attacks, but at time of writing Freenode operators were still struggling to repel them. (Weev has more details here, but readers are warned the page isn't safe for work and contains highly offense language.)

"While we are doing what we can to mitigate the spam, we would ask that you take a careful look at any unusual sites or URLs you might visit in the near future to be sure you are not being tricked into visiting such a site," a note on Freenode's website read. Representatives of the network didn't respond to an email seeking comment.

Security researchers have long known that it's possible to abuse features designed to make browsers work seamlessly with other internet applications. Web security expert Robert "RSnake" Hansen calls the technique "interprotocol exploitation."

"It's the first time I've actually seen it used in the wild," he said. "We've been theorizing this attack was possible for some time. Browsers absolutely should not be able to connect to ports unrelated to HTTP."

Hansen said other internet technologies, such as the session initiation protocol for voice over IP, are also ripe for abuse.

Weev - the same hacker behind an exploit that removed sales rankings for hundreds of books that contained gay and lesbian themes - agreed that IRC was only the beginning.

"We've got excellent stuff being developed in the lab," he said. "We're going to leverage this for some really fun things in the future." ®

The next step in data security

More from The Register

next story
Google kills CAPTCHAs: Are we human or are we spammer?
Do you make up these questions, Mr Wonka?
Hawking: RISE of the MACHINES could DESTROY HUMANITY
Prof Steve also says net firms should do more to fight terror and crime
Author fined $500k in first US spyware conviction
100,000 creeps buy mobe-watching wares
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Sony Pictures struggles as staff details, salaries and films leaked
Fury and Annie now doing the rounds - along with staff's privates
Australian Government funds effort to secure wearable data pulses
Skipping hand-in-hand with government and insurance company databases
Pay with your credit card at station kiosk? 'Dare Devil' is targeting YOU
Please collect your ticket and change (& ta for the card data)
prev story

Whitepapers

The falling cost - and rising value - of desktop virtualization
The growing strategic value of desktop virtualization, from a more flexible, productive workforce to lower real estate costs, has made it a key IT strategy.
Security management 2.0
It’s time to slay the sacred cow of your substantial SIEM investment, and figure out objectively what offers you the best fit moving forward.
The Escalating Threat of DDoS Attacks
With increasing frequency and scale, some of the world’s largest data center and network operators are suffering from crippling Distributed Denial of Service (DDoS) attacks.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Everything a site builder wants to know
The major changes in Drupal 8 for end users, site builders, designers and front-end developers, and for back-end developers - part 2.