Search

WINC WCUN WC32 PSTO Backdoor Routine This file infector connects to any of the following IRC server(s): proxim.{BLOCKED}axy.pl Other Details This file infector contains the following strings in its code:

{removable or network drive letter}:\snkb0pt\snkb0pt.exe ;{garbage characters} Backdoor Routine This worm executes the following commands from a remote malicious user: Update itself Join/Leave an IRC channel

strings in their names: OTSP WC32 WCUN WINC Backdoor Routine This file infector connects to any of the following IRC server(s): ilo.{BLOCKED}z.pl ant.{BLOCKED}z.pl HOSTS File Modification This file infector

This backdoor may be dropped by other malware. It may be hosted on a website and run when a user accesses the said website. Arrival Details This backdoor may be dropped by other malware. It may be

This worm arrives by connecting affected removable drives to a system. It arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a file

several IRC commands. NetTool.Unix.Mech (Ikarus), NetTool.Unix.Mech.e (Kaspersky)

Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: Download and execute arbitrary files Join other IRC channel Uninstall itself As of this writing, the

Backdoor Routine This Backdoor joins any of the following IRC channel(s): #{BLOCKED}t It executes the following commands from a remote malicious user: execute shell command send arbitrary irc command to

instant-messaging (IM) applications: XChat Windows Messenger Windows Live Communicator MSN Messenger Pidgin Backdoor Routine This worm executes the following commands from a remote malicious user: Join an IRC channel

into HTML files Join an IRC channel Log in to FTP sites Perform Slowloris, UDP, and SYN flooding Run Reverse Socks4 proxy server Send MSN Messenger messages Steal login credentials Update itself Visit a

This worm arrives by connecting affected removable drives to a system. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system.

Description Name: IRCBOT - Nickname - IRC - Variant 1 . This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some ind...

of the following IRC server(s): aa.{BLOCKED}ere.biz aa.{BLOCKED}nad.com It executes the following commands from a remote malicious user: Download and execute files Perform flooding attacks As of this

\command=Feast\Ival\Feast.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}t.{BLOCKED}rk.biz {BLOCKED}t.{BLOCKED}ils.net {BLOCKED}t.{BLOCKED}c.cz

This file infector arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be dropped by other malware. It infects files by overwriting code in the

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file

Backdoor Routine This worm connects to any of the following IRC server(s): {BLCOEKD}ghxxxxx.info It executes the following commands from a remote malicious user: Download and execute files Perform flooding

WINC WCUN WC32 PSTO Backdoor Routine This file infector connects to any of the following IRC server(s): proxim.{BLOCKED}axy.pl Other Details This file infector contains the following strings in its code:

This backdoor connects to Internet Relay Chat (IRC) servers. It executes commands from a remote malicious user, effectively compromising the affected system. Arrival Details This backdoor may be

characters} {removable or network drive letter}:\snkb0ptz\snkb0ptz.exe ;{garbage characters} Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.71.238:9000 {BLOCKED