jwoodmls
Level 9
Message 1 of 4

Curious about some policies

There are some policies that are set as default that I've always wondered why.  Not saying they aren't good to have in place, but sometimes the reasoning would be nice.

An example for me is under Anti-virus Standard protection the "prevent IRC communications".  I've actually ended up making a separate policy for IT staff for this because I have been known to hop on Freenode before for chat about various tech subjects.

I'm curious if there have ever been outbreaks associated with IRC, or if this is more in the vein of productivity and preventing file transfers that may be in violation of copyright.

Does anyone know the answer?

Thanks

1 Solution

Accepted Solutions
tao
Reliable Contributor
Message 2 of 4

Re: Curious about some policies

IRC connections are usually unencrypted and typically span long time periods; they are an attractive target for DoS/DDoS attackers and hackers.  There have been numerous cases of client-side bugs which can be exploited to cause a crash or run arbitrary code on a client machine, exposing internal network information.

Ransomware Leads The Path of Growing Malware Attacks - February 22, 2017

JBossjmx (4.5%) – the name of this virus may sound familiar to you. It is a worm, named after the program it targets. Only systems which use a vulnerable version of the JBoss Application Server are susceptible to this infection. The worm creates a JSP page which executes arbitrary commands. In addition, it opens a backdoor to receive commands from a remote IRC server.

Ransomware Leads The Path of Growing Malware Attacks

New GhostAdmin Malware Used for Data Theft and Exfiltration - Jan 17, 2017

Under the hood, GhostAdmin is written in C# and is already at version 2.0. The malware works by infecting computers, gaining boot persistence, and establishing a communications channel with its command and control (C&C) server, which is an IRC channel.

GhostAdmin's authors access to this IRC channel and issue commands that will be picked up by all connected bots (infected computers).

New GhostAdmin Malware Used for Data Theft and Exfiltration

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other members.

3 Replies
jwoodmls
Level 9
Message 3 of 4

Re: Curious about some policies

Thank you for the reply. 

I certainly could see the danger if someone leaves that connection open which as you said, I know there are people who stay parked out on IRC permanently.  I just hadn't really thought of it.  Personally, I just occasionally use IRC during the course of a day but don't usually keep the connection open permanently.

Re: Curious about some policies

Moved to ePO for the benefit of a future user searching for a similar question.

Rich

McAfee Volunteer Moderator - Business Products
