Keyword: IRC_Generic
\ Windows\CurrentVersion\Run Wincpa or Windongs = "{Malware Path and File Name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.249.189:443 epic.dildoes.xxx
Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}6.{BLOCKED}rog.su {BLOCKED}4.{BLOCKED}ore.su {BLOCKED}8.{BLOCKED}ore.su {BLOCKED}6.{BLOCKED}ore.su {BLOCKED}0.{BLOCKED
=Open shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\unek.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): unek.{BLOCKED
connects to any of the following Internet Relay Chat (IRC) servers: exploited.lsass.org:19899 It joins any of the following IRC channel(s): ##lsass# It executes the following command(s) from a remote
This malware supports its main worm component for its mIRC routines. This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following malware: WORM_IRCBOT
This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC
worm listens on the following port(s): TCP 18631 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.174.3 It joins any of the following Internet Relay Chat (IRC) channels: #l4mer#
It receives commands from a remote malicious user via IRC. These commands are executed on the affected system. However, as of this writing, the said servers are inaccessible. This worm arrives via
Chat (IRC) servers: {BLOCKED}5.{BLOCKED}8.5.139 It joins any of the following IRC channel(s): #ng Other Details This worm connects to the following URL(s) to get the affected system's IP address:
following ports: 7081 It connects to any of the following IRC server(s): d.{BLOCKED}book.com It may also connect to Internet Relay Chat (IRC) servers and receive commands from a remote user. Denial of Service
wwwadmin Backdoor Routine This worm connects to any of the following IRC server(s): Irc.{BLOCKED}z.com It joins any of the following Internet Relay Chat (IRC) channels: ##synfu## ##flash## #~priv~# #~cevi~#
of the following routes: Via IRC Via instant messengers Via removable drives Its main objective is to execute commands on an infected computer by way of connecting to a specific IRC server and channel.
This Trojan may be hosted on a website and run when a user accesses the said website. Arrival Details This Trojan may be hosted on a website and run when a user accesses the said website. Other
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It gathers target email addresses from the Windows Address Book (WAB). It joins an
from the following remote site(s): http://{BLOCKED}.{BLOCKED}.67.223/jur Backdoor Routine This Trojan connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.209.84:443 It joins any of the
IRC channel(s): #id It executes the following commands from a remote malicious user: Block DNS Create processes Download other files Insert iFrame tags into HTML files Join an IRC channel Log in to FTP
does not infect files with certain characteristics. It also searches for target script files for iframe infection. Infected script files are detected as HTML_IFRAME.SMV. It connects to certain IRC
following credentials when accessing its IRC server: NICK US|{random value} USER 10112{random} UNIX UNIX :{username} Worm:Win32/Colowned.A (Microsoft); W32.Colowned.A (Symantec); Win32/Colowned.C (ESET-NOD32
following IRC server(s): irc.{BLOCKED}arder.net It joins any of the following Internet Relay Chat (IRC) channels: #helltest3 Other Details This worm does the following: It sends copies of itself as compressed