Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.
"Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network," one of the hackers, who goes by the moniker Weev, told The Register. "We get this huge rollover effect."
He added: "We got the the people who run Freenode to actually k-line each other," a reference to the process of banning a user from an IRC server for spamming or other inappropriate actions.
IRC networks such as Efnet and OFTC have managed to block the attacks, but at time of writing Freenode operators were still struggling to repel them. (Weev has more details here, but readers are warned the page isn't safe for work and contains highly offense language.)
"While we are doing what we can to mitigate the spam, we would ask that you take a careful look at any unusual sites or URLs you might visit in the near future to be sure you are not being tricked into visiting such a site," a note on Freenode's website read. Representatives of the network didn't respond to an email seeking comment.
Security researchers have long known that it's possible to abuse features designed to make browsers work seamlessly with other internet applications. Web security expert Robert "RSnake" Hansen calls the technique "interprotocol exploitation."
"It's the first time I've actually seen it used in the wild," he said. "We've been theorizing this attack was possible for some time. Browsers absolutely should not be able to connect to ports unrelated to HTTP."
Hansen said other internet technologies, such as the session initiation protocol for voice over IP, are also ripe for abuse.
Weev - the same hacker behind an exploit that removed sales rankings for hundreds of books that contained gay and lesbian themes - agreed that IRC was only the beginning.
"We've got excellent stuff being developed in the lab," he said. "We're going to leverage this for some really fun things in the future." ®
Sponsored: Network DDoS protection