Search

Description Name: DORKBOT IRC Request - Class 1 . This is Trend Micro detection for packets passing through IRC network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicator...

Trend Micro has received multiple infections similar to this threat from multiple, independent sources, including customer reports and internal sources. These indicate that this threat poses a high

This worm sends copies of itself to target recipients using the instant-messaging (IM) application, MSN Messenger . It executes commands from a remote user to connect to malicious sites to download

}.91.146 {BLOCKED}.{BLOCKED}.201.28 {BLOCKED}.{BLOCKED}.182.1 It joins any of the following IRC channel(s): #netsplit It executes the following commands from a remote malicious user: cmd - send command to

}.91.146 {BLOCKED}.{BLOCKED}.201.28 It joins any of the following IRC channel(s): #netsplit It executes the following commands from a remote malicious user: cmd - send command to linked bots nick - change

that executes this Javascript every 4 hours. It may also connect to IRC servers and receive commands from a remote user. This worm may be dropped by other malware. It may be unknowingly downloaded by a

these into malware detected as HTML_IFRAME.NV. When executed, the script triggers the download of HTML_EXPLOIT, which leads to a series of malware infections. PE_VIRUX variants access IRC servers from

\ Windows\CurrentVersion\Run Windongs = "{malware path and file name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.cat It accesses a remote Internet

commands from a remote user. It deletes the file(s) associated with the process(es) it terminates. It does the said routine to completely disable programs and applications. Installation This backdoor drops

\ Windows\CurrentVersion\Run Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}n.{BLOCKED}s.cat It accesses a remote Internet

a remote malicious user: sends an email DNS lookup Downloads a file Executes Shell Command Gets system information Executes php code TCP flood attack UDPflood attack Executes raw IRC command Port scan

This worm connects to any of the following IRC server(s): one.{BLOCKED}t.com It joins any of the following IRC channel(s): #stdout It executes the following command(s) from a remote malicious user:

{BLOCKED}.{BLOCKED}.134.75 It may also connect to IRC servers and receive commands from a remote user. This malware is capable of dropping a copy of itself to default shares in the network. It then starts a

This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious

This worm connects to specific IRC channels and uses the nick n3t . It creates the mutex "S3xY!" for its main executable. It may execute certain commands from a remote malicious user. This Trojan

IRC server Send email with attachment Other Details This Worm terminates itself if it detects it is being run in a virtual environment. It does the following: It terminates itself if it runs under a

This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,

This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF

This Worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF

character for its USER.Once connected to the IRC server, it joins a certain channel to receive and execute commands on the affected system. It infects file with a detection of PE_VIRUX.S-3. It drops any of