Search
Keyword: irc_gleep.a
{removable or network drive letter}:\snkb0pt\snkb0pt.exe ;{garbage characters} Backdoor Routine This worm executes the following commands from a remote malicious user: Update itself Join/Leave an IRC channel
This worm arrives by connecting affected removable drives to a system. It arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a file
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
malware. It may be unknowingly downloaded by a user while visiting malicious websites. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected
using credentials from its configuration file: {BLOCKED}.{BLOCKED}.134.75 Backdoor Routine This worm may also connect to IRC servers and receive commands from a remote user. Other Details This worm may
of the following IRC server(s): aa.{BLOCKED}ere.biz aa.{BLOCKED}nad.com It executes the following commands from a remote malicious user: Download and execute files Perform flooding attacks As of this
This worm arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It
successful connection is mad, it will join a certain channel to send and receive information from/to its IRC C&C server. However, the said sites are currently inaccessible. This worm may be downloaded by other
Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: Download and execute arbitrary files Join other IRC channel Uninstall itself As of this writing, the
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
following port(s) where it listens for remote commands: 1866 It connects to any of the following IRC server(s): http://{BLOCKED}ution.nicaze.net It accesses a remote Internet Relay Chat (IRC) server where it
Backdoor Routine This worm executes the following commands from a remote malicious user: Join an IRC channel Send private messages on IRC channel joined Update self Download arbitrary files Send MSN
instant-messaging (IM) applications: XChat Windows Messenger Windows Live Communicator MSN Messenger Pidgin Backdoor Routine This worm executes the following commands from a remote malicious user: Join an IRC channel
Monitor 3\netmon.exe WinPcap\rpcapd.exe WireShark\rawshark.exe It connects to a remote IRC server where it receives the following commands from a remote malicious user: down_exec IM IMSTOP start-scan
This malware tries to connect to websites. If the connection is succesful, the malware joins the channel #!nn! to send and receive information from its IRC C&C server. The malware can also
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
{BLOCKED}ebila.com:33333 {BLOCKED}2.{BLOCKED}o.org:33333 {BLOCKED}x.{BLOCKED}n.cc:33333 It joins any of the following IRC channel(s): GoD-2 SafE It executes the following commands from a remote malicious
the drives of an affected system. Backdoor Routine This worm connects to any of the following IRC server(s): bk1.{BLOCKED}h.cx It accesses a remote Internet Relay Chat (IRC) server where it receives the
ftp.{BLOCKED}formation.com ftp.{BLOCKED}scentral.com s046.{BLOCKED}oxmanager.com It may also connect to IRC servers and receive commands from a remote user. NOTES: Propagation Routines: This malware is
Vista/Win7 only) Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}etexplorers.org It accesses a remote Internet Relay Chat (IRC) server where it receives the following