Keyword: IRC_Generic
Description Name: Data-stealing malware - C&C channel - IRC (Request). This is the Trend Micro detection for packets passing through IRC network protocols that can be used for command-and-control communication. This also indicates a malware infection. Be...
This Others arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires being executed with a specific
Description Name: Bot command - IRC (Response). This is the Trend Micro detection for packets passing through IRC network protocols that can be used for command-and-control communication. This also indicates a malware infection. Below are some indicators...
\default=1 useautoplay=1 Backdoor Routine This Worm connects to any of the following IRC server(s): http://j52.coax-{BLOCKED}-{BLOCKED}.su http://j65.coax-{BLOCKED}-{BLOCKED}.su http://j30.bull-{BLOCKED}-
copy. Backdoor Routine This Worm connects to any of the following IRC server(s): w4h{BLOCKED}3488h.net 39f{BLOCKED}ewhd.net 489{BLOCKED}deem.net a{BLOCKED}m.in However, as of this writing, the said sites
instant-messaging (IM) applications: Yahoo! Messenger Backdoor Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: {BLOCKED}m.{BLOCKED}ch.ru It joins any of the following IRC channel
not infect files with certain characteristics. It also searches for target script files for iframe infection. Infected script files are detected as HTML_IFRAME.SMV. It connects to certain IRC servers
This worm connects to specific IRC channels and uses the nick n3t . It creates the mutex "S3xY!" for its main executable. It may execute certain commands from a remote malicious user. This Trojan
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}c.
\Wilbert %User Profile%\Application Data\irc (Note: %System Root% is the Windows root folder, which is usually C:\ on all Windows operating system versions. %User Profile% is the current user's profile
sites hosting remote copies of itself using the following instant-messaging (IM) applications: Yahoo XFire Skype PalTalk ICQ GTalk MSN Backdoor Routine This worm connects to any of the following IRC
following files: .DLL files PE Files with _win section name Files with infection marker Backdoor Routine This file infector connects to any of the following IRC server(s): ru.{BLOCKED}s.pl core.{BLOCKED
{BLOCKED}x.com/shock/cgi Backdoor Routine This backdoor connects to any of the following IRC server(s): irc.{BLOCKED}k.tk:6667 {BLOCKED}.{BLOCKED}.50.237:6969 It joins any of the following IRC channel(s):
Description Name: Transmitted executable or script file - IRC (Request). This is the Trend Micro detection for packets passing through IRC network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of...
Description Name: Executable file sent from/to non-standard port - IRC (Request). This is the Trend Micro detection for packets passing through IRC network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indi...
Description Name: Session using standard port - IRC. This is the Trend Micro detection for packets passing through IRC network protocols that manifest callback activities, which can be a potential intrusion. Below are some indicators of unusual behavior...
Description Name: DDOS Tool Detected - LOIC. This is the Trend Micro detection for packets passing through IRC network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicious...
Description Name: Public C&C IP address - IRC (Request). This is the Trend Micro detection for packets passing through IRC network protocols that manifest callback activities, which can be a potential intrusion. Below are some indicators of unusual beha...
banking sites. DORKBOT variants are capable of launching denial-of-service (DDoS) attacks. To do so, they accept commands from their controller by connecting to and joining IRC chatrooms. Analysis
This worm arrives by connecting affected removable drives to a system. It may be unknowingly downloaded by a user while visiting malicious websites. It adds registry entries to enable its automatic