Keyword: IRC_IRCFLOOD.X
FAKEAV. SDBOT's backdoor capabilities allow other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a
irc.{BLOCKED}.net It joins any of the following IRC channel(s): #DL34k3rBn3t #secAssgdf It executes the following commands from a remote malicious user: attack - perform Denial of Service (DoS) attack to
\Classes\irc HKEY_LOCAL_MACHINE\Software\Classes\irc\DefaultIcon HKEY_LOCAL_MACHINE\Software\Classes\irc\Shell\open\command HKEY_LOCAL_MACHINE\Software\Classes\irc\Shell\open\ddeexec HKEY_LOCAL_MACHINE
Upon execution, this backdoor connects to the Internet Relay Chat (IRC) server irc.2ch.net, where it joins the channel ##ReVoLuTiOn##. It opens TCP port 6667, where it listens for remote
This malware is an IRC (Internet Relay Chat) bot that leverages the Bash bug vulnerability, also known as Shellshock. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to
following mutexes to ensure that only one of its copies runs at any one time: 0ze2thz285hezj1hG42 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}n.{BLOCKED}eople.net It
" "winpass" "main" "lan" "internet" "intranet" "student" "teacher" "staff" Backdoor Routine This worm connects to any of the following IRC server(s): oak.{BLOCKED}me.net {BLOCKED}.{BLOCKED}.179.100 ringc.
joins any of the following IRC channel(s): #xwar It executes the following command(s) from a remote malicious user: create random nickname for itself terminate/kill IRC application Logout Get IRC version
following information on the reference to the components and their corresponding random filenames in the system, IRC data, FTP hosts (upload sites) and infection logs. Arrival Details This malware arrives via
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It
when irc is idle %Windows%\Temp\Cookies\control.ini %Windows%\Temp\Cookies\fullname.txt - list of possible fullnames to be used in connect dialog %Windows%\Temp\Cookies\grup - used to create a random
server Get spoofed source addresses Set spoofed address subnet mask Disable client Enable client Terminate client Download file Stop all attacks Send raw IRC command Start remote shell NOTES: This backdoor
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
unknowingly by users when visiting malicious sites. Backdoor Routine This Backdoor opens the following ports: 2275 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.216.2 It joins any of
Denial of Service attack (SYN flood) Join other IRC channel Uninstall itself Download Routine This worm saves the files it downloads using the following names: %Application Data%\msnsvconfig.txt (Note:
following IRC channel(s): irc.{BLOCKED}-newbie.org:6667 It joins any of the following Internet Relay Chat (IRC) channels: #xrt It accesses a remote Internet Relay Chat (IRC) server where it receives the
\command=TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): irc.{BLOCKED}ol.co.cc It accesses a remote
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windongs = "{malware path}\{malware file name}.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s):
propagate across networks: Vulnerability in Server Service Could Allow Remote Code Execution (958644) NOTES: This malware connects to a remote IRC server. Once connected, it joins an IRC channel where it
=SYSTEM.EXE ;{garbage} uSEAUTopLaY = 1 ;{garbage} ShElL\\\\\\eXpLorE\\\CoMmAnD=SYSTEM.EXE ;{garbage} Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}et.in It joins any of the