Keyword: IRC_IRCFLOOD.X
IRC channel to listen for remote commands from a malicious user.
This description is based on the compiled analysis of several variants of WORM_OTORUN. Note that specific data such as file names and registry values may vary for each variant. This worm arrives by
this writing, the said sites are inaccessible. NOTES: It is capable of executing the following commands: Connect to an IRC channel Create processes Create thread Download files Kill threads Propagate
to any of the following IRC server(s): av.{BLOCKED}en.cc av.{BLOCKED}nc.cz up.{BLOCKED}vidic.net up.{BLOCKED}eek.net up.{BLOCKED}cat.org up.{BLOCKED}ys.in up.{BLOCKED}awy.in Other Details This worm
to a certain IRC server using a certain port and joins a channel where it receives commands from a malicious user. It sends the following information to its C&C server: ext_ip dnsname hostname user
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This worm creates the following folders: %Program Files%\mIRC %Program Files%\mIRC\IRC Bot
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
/tmp/ktx* /tmp/cpuminer-multi /var/tmp/kaiten Backdoor Routine This Backdoor connects to any of the following IRC server(s): ix1.{BLOCKED}et.org ix2.{BLOCKED}et.org Ashburn.Va.Us.{BLOCKED}et.org
This Trojan is a malicious mIRC script that uses a legitimate mIRC client (daemon.exe) to connect to an IRC server and makes the affected computer a drone. Drones are hacked machines used to launch
This Worm adds registry entries to enable its automatic execution at every system startup. Installation This Worm drops the following files: %Program Files%\mIRC\IRC Bot\Stupid.sys %Program Files%
\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\GCI HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3 HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\IRC HKEY_LOCAL_MACHINE\SOFTWARE\GCI\ BioNet 3\ICQ It adds the following registry entries:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
downloaded unknowingly by users when visiting malicious sites. Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}i.bot.nu:5190 It joins any of the following Internet Relay
commands from bot masters. IRC bots issue commands via IRC communication protocol to allow cybercriminals to send commands to infected systems. These bots became rampant during the outbreak era. They
\ open\ddeexec\Application HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\ifexec HKEY_CLASSES_ROOT\ChatFile\Shell\ open\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software
\ddeexec\Topic HKEY_LOCAL_MACHINE\Software\Classes\ irc HKEY_LOCAL_MACHINE\Software\Classes\ irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\ irc\Shell\open\ command HKEY_LOCAL_MACHINE\Software\Classes
This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails. It connects to an IRC server where it can receive and perform commands from remote malicious attackers, as
\ ChatFile\Shell\open\ ddeexec\ifexec HKEY_CURRENT_USER\Software\Classes\ ChatFile\Shell\open\ ddeexec\Topic HKEY_CURRENT_USER\Software\Classes\ irc HKEY_CURRENT_USER\Software\Classes\ irc\DefaultIcon
FAKEAV. SDBOT's backdoor capabilities allow other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a