Search
Keyword: irc_gleep.a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives as a dropped file by a variant of the WORM_QAKBOT family. This is the general configuration file that is part of the QAKBOT package. Once decrypted, it typically contains the
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It
commands. This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It arrives as a component bundled with malware/grayware packages. It executes then deletes itself afterward. It
{BLOCKED}.{BLOCKED}.202.28/.wp/sshd2 Backdoor Routine This Backdoor connects to any of the following IRC server(s): {BLOCKED}ers.ry:80 It joins any of the following IRC channel(s): #ssh It accesses a remote
clear log files Terminate the bot Disconnect the bot from IRC Send a message to the IRC server Let the bot perform mode change Change BOT ID Display connection type, local IP address, and other net
joins any of the following IRC channel(s): #test5 It accesses a remote Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: (DOWNLOAD) - Downloads and
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It joins an Internet Relay Chat (IRC) channel. Arrival
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF
}0.level4-co1-as30912.su {BLOCKED-0.level4-co1-as30912.su {BLOCKED}0.level4-co2-as30938.su It joins any of the following IRC channel(s): ##net It executes the following commands from a remote malicious user: Download and
following IRC channel(s): #SKuffLe# However, as of this writing, the said sites are inaccessible. It accesses a remote Internet Relay Chat (IRC) server where it receives the following commands from a remote
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It connects
This is an AndroidOS malware with backdoor capabilities. It drops a file that creates an IRC connection where it receives commands, thus compromising the affected system's security for the user. It
command Start remote shell NOTES: The IRC nickname it uses is a randomly generated string. It creates and locks the file /tmp/.z to ensure that only one copy of itself is running. Downloaded from the
is running. It connects to the Internet Relay Chat (IRC) server linksys.{BLOCKED}shellz.net:25 . The IRC nickname it uses is a randomly generated string. Backdoor:MacOS_X/Tsunami.A (Microsoft),
\command=TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): irc.{BLOCKED}ol.co.cc It accesses a remote
any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires its main component to successfully perform
propagate across networks: Vulnerability in Server Service Could Allow Remote Code Execution (958644) NOTES: This malware connects to a remote IRC server, once connected, it joins an IRC channel where it
remote shell NOTES: It changes its process name to -bash and clears its command line. The IRC nickname it uses is a randomly generated string. It creates and locks the file /tmp/.z to ensure that only one
