Keyword: IRC_ZAPCHAST.BI
joins any of the following IRC channel(s): #xwar It executes the following command(s) from a remote malicious user: create random nickname for itself terminate/kill IRC application Logout Get IRC version
following information on the reference to the components and their corresponding random filenames in the system, IRC data, FTP hosts (upload sites) and infection logs. Arrival Details This malware arrives via
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It
when irc is idle %Windows%\Temp\Cookies\control.ini %Windows%\Temp\Cookies\fullname.txt - list of possible fullnames to be used in connect dialog %Windows%\Temp\Cookies\grup - used to create a random
execute arbitrary files Perform Denial of Service attack (SYN flood) Join other IRC channel Uninstall itself Download Routine This worm saves the files it downloads using the following names: %Application
server Get spoofed source addresses Set spoofed address subnet mask Disable client Enable client Terminate client Download file Stop all attacks Send raw IRC command Start remote shell NOTES: This backdoor
unknowingly by users when visiting malicious sites. Backdoor Routine This Backdoor opens the following ports: 2275 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.216.2 It joins any of
Denial of Service attack (SYN flood) Join other IRC channel Uninstall itself Download Routine This worm saves the files it downloads using the following names: %Application Data%\msnsvconfig.txt (Note:
following IRC channel(s): irc.{BLOCKED}-newbie.org:6667 It joins any of the following Internet Relay Chat (IRC) channels: #xrt It accesses a remote Internet Relay Chat (IRC) server where it receives the
as> - Downloads a file off the web and saves it onto the hd VERSION - Requests version of client KILLALL - Kills all current packeting HELP - Displays this IRC <command> - Sends this command to
Simultaneous IGMP, ICMP, UDP and TCP flooding on open ports with statistic report IRC Control: join → join a specified channel part → leave a specified channel rejoin → leave then rejoin a specified channel op
#007 It accesses a remote Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: IRC Control: join → join a specified channel part → leave a specified
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a
\command=TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): irc.{BLOCKED}ol.co.cc It accesses a remote
clear log files Terminate the bot Disconnect the bot from IRC Send a message to the IRC server Let the bot perform mode change Change BOT ID Display connection type, local IP address, and other net
{645FF040-5081-101B-9F08-00AA002F954E}\tmpmon-t829058.xtc ;garbage characters useautoplay=1 ;garbage characters Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}-0.level4-co2-as30938.su {BLOCKED
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windongs = "{malware path}\{malware file name}.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s):
{23F24C31-568D-461D-B5CA-13393D19909A} = "%Application Data%\{23F24C31-568D-461D-B5CA-13393D19909A}\hdg.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s): epic.{BLOCKED}s.xxx irc1.{BLOCKED}-wow.com It
Backdoor Routine This worm connects to any of the following Internet Relay Chat (IRC) servers: s27.{BLOCKED}ids.su It joins any of the following IRC channel(s): ##ops It executes the following commands from
This is an AndroidOS malware with backdoor capabilities. It drops a file that creates an IRC connection where it receives commands, thus compromising the affected system's security for the user. It