Keyword: IRC_Generic
Description Name: Session using non-standard port - IRC (Request). This is the Trend Micro detection for packets passing through IRC network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusu...
These also access certain IRC servers via port 80. Once connected, these receive and execute commands, compromising infected systems’ security. These download other malicious files, depending on when the
\svchost.exe Backdoor Routine This backdoor opens the following ports: 6667 It connects to any of the following Internet Relay Chat (IRC) servers: xxxxxtsghxxxxx.info It joins any of the following IRC channel(s
variant injects malicious iframe code to infect script files. When executed, VIRUX accesses IRC servers to receive malicious commands and download URLs. The said URLs lead to other malware including FAKEAV
\ Windows\CurrentVersion\Run Windongs = "{malware path and file name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.cat It accesses a remote Internet
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to Internet Relay Chat (IRC) servers.
connect to the IRC server mentioned above. It joins the following channel: #!,#Ma It then retrieves the following details from the infected system: Operating System Version Service Pack installed IP address
action=Open folder to view files shell\open=Open shell\open\command=OGa\RD\GOx.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}k.{BLOCKED
Chat (IRC) servers: {BLOCKED}50.asia {BLOCKED}50.in {BLOCKED}50.pro It joins any of the following IRC channel(s): #go It executes the following commands from a remote malicious user: Download and execute
remote sites Join IRC server However, as of this writing, the said sites are inaccessible. NOTES: This worm uses the following file names when dropped in peer-to-peer folders: AOL Hacker 2009.exe Adobe
joins any of the following IRC channel(s): #b File Infection It propagates via shared networks and drops copies of itself into available networks. Information Theft It launches a carnivore sniffer to
Update Backdoor Routine This backdoor connects to any of the following Internet Relay Chat (IRC) servers: fo3.net It joins any of the following IRC channel(s): #Huxor# #huxor.scan# #Huxor.scan# #log# It
. It infects certain file types. It avoids infecting files that contain certain strings in their names. It adds certain strings to the Windows HOSTS file. It connects to certain IRC servers using UDP
Create/Terminate Processes Create/Terminate/Scan Thread Join IRC Send Private Messages Delete Files Download Files Download Routine This Trojan accesses websites to download the following files:
remove itself Download and execute files Perform HTTP and FTP operations to download and execute files Inject code into the file, TCPIP.SYS Perform IRC commands Other Details This Trojan does the
servers: {BLOCKED}ate.com It joins any of the following IRC channel(s): #1 It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the
and Conquer: Red Alert 2 Westwood NOX Techland Chrome Hidden & Dangerous 2 Soldier of Fortune II - Double Helix Neverwinter Nights It deletes itself after execution. Propagates via IRC Steals
that executes this JavaScript every 4 hours. It may also connect to IRC servers and receive commands from a remote user. This worm may be dropped by other malware. It may be unknowingly downloaded by a