Keyword: IRC_Generic
and their corresponding random filenames in the system IRC data FTP hosts (upload sites) Infection log It accepts the following parameters: /i - drop the dll and config file to current directory /s -
"msnmsngr.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s): bilal2.{BLOCKED}s.net It joins any of the following IRC channel(s): #hell It executes the following command(s) from a
%Application Data%\svchost.exe"" Backdoor Routine This worm opens the following port(s) where it listens for remote commands: TCP 6667 It connects to any of the following IRC server(s): {BLOCKED}c.{BLOCKED}s.com
Monitor 3\netmon.exe WinPcap\rpcapd.exe WireShark\rawshark.exe It connects to a remote IRC server where it receives the following commands from a remote malicious user: down_exec IM IMSTOP start-scan
Google Talk MSN Messenger Paltalk XFire Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}4.{BLOCKED}awanta.su It joins any of the following IRC channel(s): #t8nted
This worm arrives by connecting affected removable drives to a system. It may be unknowingly downloaded by a user while visiting malicious websites. It is injected into all running processes to
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to Internet
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
removable drives. It uses the following file names for the copies it drops into shared networks: facebook.exe msn.exe setup.exe NOTES: This malware connects to the following remote IRC server using port 6667:
where it listens for remote commands: 23232 It connects to any of the following IRC server(s): {BLOCKED}gels-agency.nl It joins any of the following IRC channel(s): #wWw# It executes the following
batch file as %Current%\untitled1.bat. It aids in modifying (hiding/unhiding) attributes of IRC nicknames that it uses by using the DOS command "attrib." This Trojan may be dropped by other malware.
the following IRC server(s): {BLOCKED}.{BLOCKED}.82.177 It joins any of the following IRC channel(s): #Ganja It executes the following commands from a remote malicious user: clean - removes the malware
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
WINC WCUN WC32 PSTO Backdoor Routine This file infector connects to any of the following IRC server(s): proxim.{BLOCKED}axy.pl Other Details This file infector contains the following strings in its code:
{removable or network drive letter}:\snkb0pt\snkb0pt.exe ;{garbage characters} Backdoor Routine This worm executes the following commands from a remote malicious user: Update itself Join/Leave an IRC channel
strings in their names: OTSP WC32 WCUN WINC Backdoor Routine This file infector connects to any of the following IRC server(s): ilo.{BLOCKED}z.pl ant.{BLOCKED}z.pl HOSTS File Modification This file infector
This backdoor may be dropped by other malware. It may be hosted on a website and run when a user accesses the said website. Arrival Details This backdoor may be dropped by other malware. It may be
Vista/Win7 only) Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}etexplorers.org It accesses a remote Internet Relay Chat (IRC) server where it receives the following
This worm arrives by connecting affected removable drives to a system. It arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a file
several IRC commands. NetTool.Unix.Mech (Ikarus), NetTool.Unix.Mech.e (Kaspersky)