Search
Keyword: IRC_IRCFLOOD.X
unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC
http://www.{BLOCKED}er-services.name/b.c Backdoor Routine This backdoor connects to any of the following IRC server(s): x.{BLOCKED}shellz.net:25 It joins any of the following Internet Relay Chat (IRC) channels:
Installation This worm drops the following component file(s): %Program Files%\Microsoft Office\OFFICE11\control.ini - IRC configuration file %Program Files%\Microsoft Office\OFFICE11\Drvics32.dll - network
Backdoor Routine This Backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.18.114 {BLOCKED}.{BLOCKED}.18.119 {BLOCKED}.{BLOCKED}.18.121 {BLOCKED}.{BLOCKED}.220.124 {BLOCKED}.{BLOCKED
successful connection is mad, it will join a certain channel to send and receive information from/to its IRC C&C server. However, the said sites are currently inaccessible. This worm may be downloaded by other
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to Internet
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is injected into all
Windows Live Messenger MSN Messenger Windows Messenger Backdoor Routine This worm executes the following commands from a remote malicious user: Join an IRC channel Send private messages on IRC channel
connect to the IRC server mentioned above. It joins the following channel: #!,#Ma It then retrieves the following details from the infected system: Operating System Version Service Pack installed IP address
following IRC server(s): nuevo.{BLOCKED}ardigital.com server1.{BLOCKED}ootmusic.com Adware Routine This worm connects to the following URLs to download and display ads: http://browseusers.{BLOCKED
removable drives: {removable drive letter}:\{computer name}\{computer name}\{computer name}\hjd.exe Backdoor Routine This worm connects to any of the following IRC server(s): up.{BLOCKED}ays.in up.{BLOCKED
Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}2.{BLOCKED}3.210.216:23 irc.{BLOCKED}k.tk:6667 {BLOCKED}.{BLOCKED}.50.237:6969 It joins any of the following IRC
{BLOCKED}x.com/shock/cgi Backdoor Routine This backdoor connects to any of the following IRC server(s): irc.{BLOCKED}k.tk:6667 {BLOCKED}.{BLOCKED}.50.237:6969 It joins any of the following IRC channel(s):
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
VirTool:Win32/DelfInject.gen!X (Microsoft); BackDoor-DOQ.gen.w (McAfee); IRC Trojan (Symantec); Packed.Win32.CPEX-based.d (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan.IRC (FSecure)
Monitor 3\netmon.exe WinPcap\rpcapd.exe WireShark\rawshark.exe It connects to a remote IRC server where it receives the following commands from a remote malicious user: down_exec IM IMSTOP start-scan
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
the following IRC server(s): {BLOCKED}.{BLOCKED}.82.177 It joins any of the following IRC channel(s): #Ganja It executes the following commands from a remote malicious user: clean - removes the malware
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a