Search
Keyword: IRC_IRCFLOOD.X
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It connects
This backdoor may be dropped by other malware. It executes when a user accesses certain websites where it is hosted. Arrival Details This backdoor may be dropped by other malware. It executes when a
any of the following IRC server(s): irc.{BLOCKED}ka.co.vu:6667 It joins any of the following IRC channel(s): #berkah #neraka It executes the following command(s) from a remote malicious user: DNS lookup
{BLOCKED}.{BLOCKED}.202.28/.wp/sshd2 Backdoor Routine This Backdoor connects to any of the following IRC server(s): {BLOCKED}ers.ry:80 It joins any of the following IRC channel(s): #ssh It accesses a remote
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
=Open shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\unek.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): unek.{BLOCKED
connects to any of the following Internet Relay Chat (IRC) servers: exploited.lsass.org:19899 It joins any of the following IRC channel(s): ##lsass# It executes the following command(s) from a remote
This malware supports its main worm component for its mIRC routines. This Trojan may be dropped by other malware. Arrival Details This Trojan may be dropped by the following malware: WORM_IRCBOT
This Trojan is a configuration file dropped by variants of WORM_QAKBOT malware. It contains the following information: URL where it can download an updated copy of its configuration file. FTP and IRC
worm listens on the following port(s): TCP 18631 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.174.3 It joins any of the following Internet Relay Chat (IRC) channels: #l4mer#
It receives commands from a remote malicious user via IRC. These commands are executed on the affected system. However, as of this writing, the said servers are inaccessible. This worm arrives via
Chat (IRC) servers: {BLOCKED}5.{BLOCKED}8.5.139 It joins any of the following IRC channel(s): #ng Other Details This worm connects to the following URL(s) to get the affected system's IP address:
following ports: 7081 It connects to any of the following IRC server(s): d.{BLOCKED}book.com It may also connect to Internet Relay Chat (IRC) servers and receive commands from a remote user. Denial of Service
Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: {BLOCKED}.us.dal.net It adds an IRC script that automatically sends the following messages to everyone who accesses the
of the following routes: Via IRC Via instant messengers Via removable drives Its main objective is to execute commands on an infected computer by way of connecting to a specific IRC server and channel.
This Trojan may be hosted on a website and run when a user accesses the said website. Arrival Details This Trojan may be hosted on a website and run when a user accesses the said website. Other
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It gathers target email addresses from the Windows Address Book (WAB). It joins an
from the following remote site(s): http://{BLOCKED}.{BLOCKED}.67.223/jur Backdoor Routine This Trojan connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.209.84:443 It joins any of the
of the following routes: Via IRC Via instant messengers Via removable drives Its main objective is to execute commands on an infected computer by way of connecting to a specific IRC server and channel.
IRC channel(s): #id It executes the following commands from a remote malicious user: Block DNS Create processes Download other files Insert iFrame tags into HTML files Join an IRC channel Log in to FTP