Search
Keyword: irc generic
{removable or network drive letter}:\snkb0pt\snkb0pt.exe ;{garbage characters} Backdoor Routine This worm executes the following commands from a remote malicious user: Update itself Join/Leave an IRC channel
IRC channel(s): #id It executes the following commands from a remote malicious user: Block DNS Create processes Download other files Insert iFrame tags into HTML files Join an IRC channel Log in to FTP
of the following IRC server(s): aa.{BLOCKED}ere.biz aa.{BLOCKED}nad.com It executes the following commands from a remote malicious user: Download and execute files Perform flooding attacks As of this
\command=Feast\Ival\Feast.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}t.{BLOCKED}rk.biz {BLOCKED}t.{BLOCKED}ils.net {BLOCKED}t.{BLOCKED}c.cz
Backdoor Routine This worm connects to any of the following IRC server(s): {BLCOEKD}ghxxxxx.info It executes the following commands from a remote malicious user: Download and execute files Perform flooding
sites hosting remote copies of itself using the following instant-messaging (IM) applications: Yahoo XFire Skype PalTalk ICQ GTalk MSN Backdoor Routine This worm connects to any of the following IRC
flooding Send spam mails Other Details This Backdoor uses the following credentials when accessing its IRC server: Nick Linux| User {random} where {random} can be any of the following: dildos invisible_man
any of the following Internet Relay Chat (IRC) servers: {BLOCKED}.{BLOCKED}.105.87 1337hub.{BLOCKED}me.net It joins any of the following IRC channel(s): #.# It accesses a remote Internet Relay Chat (IRC
CVE-2005-3745 Apache Software Foundation Struts 1.2.7 1000552 - Generic Cross Site Scripting(XSS) Prevention 1000552| 1000552 - Generic Cross Site Scripting(XSS) Prevention
characters} {removable or network drive letter}:\snkb0ptz\snkb0ptz.exe ;{garbage characters} Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.71.238:9000 {BLOCKED
VirTool:Win32/DelfInject.gen!X (Microsoft); PWS-LDPinch.a!hv (McAfee); IRC Trojan (Symantec); PAK:UPX, Packed.Win32.CPEX-based.eq (Kaspersky); Packed.Win32.ExeFlasher (v) (Sunbelt); Application.Generic.176086 (FSecure)
Identifier & Title IDF First Pattern Version IDF First Pattern Release Version CVE-2010-2733 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010 CVE-2010-2734 1000552 - Generic Cross
Start Page = http://domredi.com/1/ (Note: The default value data of the said registry entry is {user defined} .) NOTES: It connects to the following IRC server: {BLOCKED}3.{BLOCKED}9.107.27 Connects to
\Microsoft-Driver-1-53-2495-3625-9745\winsvn.exe" Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}0.com {BLOCKED}00.net
output of the command interpreter to data from certain IRC server (Datapipe) Manage SQL databases Execute PHP code Remove itself from the server Scan FTP accounts for weak passwords using brute force and
that executes this Javascript every 4 hours. It may also connect to IRC servers and receive commands from a remote user. This worm may be dropped by other malware. It may be unknowingly downloaded by a
\default=1 useautoplay=1 Backdoor Routine This Worm connects to any of the following IRC server(s): http://j52.coax-{BLOCKED}-{BLOCKED}.su http://j65.coax-{BLOCKED}-{BLOCKED}.su http://j30.bull-{BLOCKED}-
following files: .DLL files PE Files with _win section name Files with infection marker Backdoor Routine This file infector connects to any of the following IRC server(s): ru.{BLOCKED}s.pl core.{BLOCKED
the following information: Reference to the components and their corresponding random file names in the system IRC data FTP hosts (upload sites) infection log It is capable of monitoring the browsing
the drives of an affected system. Backdoor Routine This worm connects to any of the following IRC server(s): bk1.{BLOCKED}h.cx It accesses a remote Internet Relay Chat (IRC) server where it receives the