Search
Keyword: IRC_Generic
following IRC server(s): nuevo.{BLOCKED}ardigital.com server1.{BLOCKED}ootmusic.com Adware Routine This worm connects to the following URLs to download and display ads: http://browseusers.{BLOCKED
(IRC) servers: {BLOCKED}2.{BLOCKED}7.82.177 It joins any of the following IRC channel(s): #Ganja It executes the following commands from a remote malicious user: KillAv update clean visit speedtest
This Trojan arrives as a component bundled with malware/grayware packages. It may be dropped by other malware. Arrival Details This Trojan arrives as a component bundled with malware/grayware
the said website. Backdoor Routine This backdoor opens the following port(s) where it listens for remote commands: TCP 6667 It connects to any of the following IRC server(s): {BLOCKED}c.{BLOCKED}irc.org
6969 It connects to any of the following Internet Relay Chat (IRC) servers: {BLOCKED}as.{BLOCKED}a2011.com {BLOCKED}lz.edu It joins any of the following IRC channel(s): #spmx It executes the following
commands: TCP 1685 It connects to any of the following IRC server(s): {BLOCKED}ro.ru It joins any of the following IRC channel(s): #infe Other Details This backdoor connects to the following URL(s) to get the
unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}et.{BLOCKED}texist.org {BLOCKED}stick.{BLOCKED}ns-remote.com It joins
the package file to default shares. This worm's configuration file contains the following information: - Reference to the components and their corresponding random filenames in the system - IRC data -
This worm connects to any of the following IRC server(s): one.{BLOCKED}t.com It joins any of the following IRC channel(s): #stdout It executes the following command(s) from a remote malicious user:
Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.182.255 {BLOCKED}.{BLOCKED}.182.1 {BLOCKED}.{BLOCKED}.74.10 {BLOCKED}.{BLOCKED}.175.201 {BLOCKED}.{BLOCKED
Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.182.255 {BLOCKED}.{BLOCKED}.182.1 {BLOCKED}.{BLOCKED}.74.10 {BLOCKED}.{BLOCKED}.175.201 {BLOCKED}.{BLOCKED
Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}2.{BLOCKED}3.210.216:23 irc.{BLOCKED}k.tk:6667 {BLOCKED}.{BLOCKED}.50.237:6969 It joins any of the following IRC
This backdoor deletes autostart registry entries associated with the processes it terminates to completely disable applications. It may also connect to Internet Relay Chat (IRC) servers and receive
character for its USER. Once connected to the IRC server, it joins a certain channel to receive and execute commands on the affected system. This file infector arrives on a system as a file dropped by other
character for its USER. Once connected to the IRC server, it joins a certain channel to receive and execute commands on the affected system. This file infector arrives on a system as a file dropped by other
flooding Send spam mails Other Details This Backdoor uses the following credentials when accessing its IRC server: Nick Linux| User {random} where {random} can be any of the following: dildos invisible_man
This file infector connects to certain IRC server(s). This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
ZLULBOT, also known as ZOMBIE, is a bot client used to conduct distributed denial of service (DDoS) attacks against several Brazil-based websites in 2011. It joins a specific Internet Relay Chat (IRC
any of the following IRC server(s): {BLOCKED}.{BLOCKED}.144.140:6667 {BLOCKED}.{BLOCKED}.146.114:6660 It joins any of the following IRC channel(s): #puteri #pbot It executes the following commands from
\ Windows\CurrentVersion\Run Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}n.{BLOCKED}s.cat It accesses a remote Internet