Search

This Worm adds registry entries to enable its automatic execution at every system startup. Installation This Worm drops the following files: %Program Files%\mIRC\IRC Bot\Stupid.sys %Program Files%

HKEY_LOCAL_MACHINE\SOFTWARE\GCI HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3 HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\IRC HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\ICQ It adds the following registry entries:

This backdoor connects to specific IRC server and joins a particular IRC channel. It is capable of receiving and executing specific commands from the IRC server. This backdoor arrives on a system as

Description Name: Session using non-standard port - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusu...

any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup

This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC

This malware is an IRC (Internet Relay Chat) bot that leverages the Bash bug vulnerability, also known as Shellshock. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to

This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails. It connects to an IRC server where it can receive and perform commands from remote malicious attackers, as

This Trojan is a malicious mIRC script that uses a legitimate mIRC client ( daemon.exe ) to connect to an IRC server and makes the affected computer a drone. Drones are hacked machines used to launch

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

unknowingly by users when visiting malicious sites. Backdoor Routine This Backdoor opens the following ports: 2275 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.216.2 It joins any of

\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}c.

Description Name: Session using standard port - IRC . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavior...

Description Name: Public C&C IP address - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual beha...

Description Name: Transmitted executable or script file - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of...

Description Name: BUZUS - IRC (Nickname) - Variant 2 . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...

Description Name: Executable file sent from/to non-standard port - IRC (Request) . This is Trend Micro detection for packets passing through IRC network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indi...

\ open\ddeexec\Application HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Cl4sses\ irc HKEY_LOCAL_MACHINE\Software