Search
Keyword: IRC_IRCFLOOD.X
PERL_SHELLBOT.SM connects to this IRC server(s).
PERL_SHELLBOT.SM connects to this IRC server(s).
PERL_SHELLBOT.SM connects to this IRC server(s).
PERL_SHELLBOT.SM connects to this IRC server(s).
PERL_SHELLBOT.SM connects to this IRC server.
PERL_SHELLBOT.SM connects to this IRC server.
PERL_SHELLBOT.SM connects to this IRC server.
PERL_SHELLBOT.SM connects to this IRC server.
contains the following once decrypted: Configuration file version FTP hosts (upload sites) Infection logs IRC data (port, nick, password) P2P node Reference to the components and their corresponding random
the following IRC servers using port 80: {BLOCKED}c.zief.pl {BLOCKED}m.ircgalaxy.pl Connects to the said servers using 8-randomly generated character for its NICK and 1-randomly generated character for
possibly malicious files create scheduled tasks get system information get IP address uninstall itself create/terminate processes collect internet certificates perform FTP and IRC commands It terminates
P2P node IRC data (port, nick, password) FTP hosts (upload sites) configuration file version infection logs
IRC server using a certain port and joins a channel where it receives commands from a malicious user. Terminates processes, Downloads files, Compromises system security
using Perl Script. It connects to a remote IRC server to listen and wait for commands coming from a malicious user. Once successfully connected, it can perform a number of routines including:
the following IRC channel(s): ##8## It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the
This worm accesses websites to download files detected by Trend Micro as: TROJ_FAKEAV.SM8 TROJ_RIMECUD.DL WORM_RIMECUD.SMC This worm arrives via removable drives. It drops an AUTORUN.INF file to
contains the following: reference to the components and their corresponding random filenames in the system P2P node IRC data (port, nick, password) FTP hosts (upload sites) configuration file version
system folder}{random letter}.exe" Backdoor Routine This backdoor opens the following port(s) where it listens for remote commands: TCP port 6667 It connects to any of the following IRC server(s):
capabilities: This backdoor is capable of connecting to a certain IRC server using a certain port and joins a channel where it receives commands from a malicious user. It sends the following information to its
}n/cgi-bin/jl/jloader.pl http://{BLOCKED}cn/cgi-bin/jloader.pl Based on its code, it is capable of connecting to a certain IRC server using a certain port and joins a channel where it receives commands from a malicious