Search
Keyword: IRC_IRCFLOOD.X
\Command={random filename}.exe {garbage codes} Backdoor Routine This Worm executes the following commands from a remote malicious user: Connect to a website Connect to an IRC channel to receive commands Copy
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
Create processes Download other files Insert iFrame tags into HTML files Join an IRC channel Log in to FTP sites Perform Slowloris, UDP, and SYN flooding Run Reverse Socks4 proxy server Send MSN Messenger
wilderssecurity windowsupdate update.microsoft. download.microsoft. NOTES: The modified autostart registry of the legitimate application is randomly selected by the user. It may also connect to IRC servers to
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
infector gathers the following data: OS Version NOTES: This file infector connects to the following IRC server: {BLOCKED}m.{BLOCKED}pa.info It does not have rootkit capabilities. It does not exploit any
This file infector may be downloaded by other malware/grayware/spyware from remote sites. It may be manually installed by a user. It infects by appending its code to target host files. Arrival
worm connects to any of the following IRC server(s): {BLOCKED}r.ircdevils.net
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
following IRC server(s): http://imgay.{BLOCKED}s.cat http://imgay.{BLOCKED}s.es http://imgay.{BLOCKED}at.net It executes the following commands from a remote malicious user: Download files Upload files Copy
(McAfee); IRC Trojan (Symantec); Trojan-Spy.Win32.Delf.uo (Kaspersky); BehavesLike.Win32.Malware.eah (mx-v) (Sunbelt); Trojan horse PSW.Generic4.UTB (AVG)
IRC server using a certain port and joins a channel where it receives commands from a malicious user. It sends the following information to its C&C server: ext_ip dnsname hostname user domain is_admin
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a