Search

This Worm adds registry entries to enable its automatic execution at every system startup. Installation This Worm drops the following files: %Program Files%\mIRC\IRC Bot\Stupid.sys %Program Files%

HKEY_LOCAL_MACHINE\SOFTWARE\GCI HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3 HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\IRC HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\ICQ It adds the following registry entries:

This backdoor connects to specific IRC server and joins a particular IRC channel. It is capable of receiving and executing specific commands from the IRC server. This backdoor arrives on a system as

Description Name: Session using non-standard port - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusu...

any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup

This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

This malware is an IRC (Internet Relay Chat) bot that leverages the Bash bug vulnerability, also known as Shellshock. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to

This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails. It connects to an IRC server where it can receive and perform commands from remote malicious attackers, as

This Trojan is a malicious mIRC script that uses a legitimate mIRC client ( daemon.exe ) to connect to an IRC server and makes the affected computer a drone. Drones are hacked machines used to launch

\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes

\ open\ddeexec\Application HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Cl4sses\ irc HKEY_LOCAL_MACHINE\Software

unknowingly by users when visiting malicious sites. Backdoor Routine This Backdoor opens the following ports: 2275 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.216.2 It joins any of

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}c.

Description Name: Session using standard port - IRC . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavior...

Description Name: Transmitted executable or script file - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of...

Description Name: BUZUS - IRC (Nickname) - Variant 2 . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...

Description Name: Executable file sent from/to non-standard port - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indi...