Search
Keyword: irc generic
variant injects malicious iframe code to infect script files. When executed, VIRUX accesses IRC servers to receive malicious commands and download URLs. The said URLs lead to other malware including FAKEAV
\ Windows\CurrentVersion\Run Windongs = "{malware path and file name}" Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.cat It accesses a remote Internet
variant injects malicious iframe code to infect script files. When executed, VIRUX accesses IRC servers to receive malicious commands and download URLs. The said URLs lead to other malware including FAKEAV
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windongs = "{malware path}\{malware file name}.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s):
connects to any of the following Internet Relay Chat (IRC) servers: exploited.lsass.org:19899 It joins any of the following IRC channel(s): ##lsass# It executes the following command(s) from a remote
Backdoor Routine This backdoor connects to any of the following IRC server(s): {BLOCKED}2.{BLOCKED}3.210.216:23 irc.{BLOCKED}k.tk:6667 {BLOCKED}.{BLOCKED}.50.237:6969 It joins any of the following IRC
\command=TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): irc.{BLOCKED}ol.co.cc It accesses a remote
following IRC server(s): nuevo.{BLOCKED}ardigital.com server1.{BLOCKED}ootmusic.com Adware Routine This worm connects to the following URLs to download and display ads: http://browseusers.{BLOCKED
of the following routes: Via IRC Via instant messengers Via removable drives Its main objective is to execute commands on an infected computer by way of connecting to a specific IRC server and channel.
contains the following: reference to the components and their corresponding random filenames in the system P2P node IRC data (port, nick, password) FTP hosts (upload sites) configuration file version
variant injects malicious iframe code to infect script files. When executed, VIRUX accesses IRC servers to receive malicious commands and download URLs. The said URLs lead to other malware including FAKEAV
%Application Data%\svchost.exe"" Backdoor Routine This worm opens the following port(s) where it listens for remote commands: TCP 6667 It connects to any of the following IRC server(s): {BLOCKED}c.{BLOCKED}s.com
Backdoor:Win32/Zegost.L (Microsoft); BackDoor-DOQ.gen.w (McAfee); IRC Trojan (Symantec); Packed.Win32.CPEX-based.s (Kaspersky); VirTool.Win32.DelfInject.gen!AA (v) (Sunbelt); Backdoor.Bifrose.FG (FSecure)
}.3.19 It does the following: Connect to IRC server. Download files. Receive commands from remote user. Backdoor:Perl/Shellbot.S (Microsoft); Backdoor.Perl.Shellbot.au (Kaspersky); Perl/IRCBot.I!tr
action=Open folder to view files shell\open=Open shell\open\command=OGa\RD\GOx.exe shell\open\default=1 Backdoor Routine This worm connects to any of the following IRC server(s): {BLOCKED}k.{BLOCKED
{23F24C31-568D-461D-B5CA-13393D19909A} = "%Application Data%\{23F24C31-568D-461D-B5CA-13393D19909A}\hdg.exe" Backdoor Routine This backdoor connects to any of the following IRC server(s): epic.{BLOCKED}s.xxx irc1.{BLOCKED}-wow.com It
This worm connects to any of the following IRC server(s): one.{BLOCKED}t.com It joins any of the following IRC channel(s): #stdout It executes the following command(s) from a remote malicious user:
!killall - Terminate all Perl processes !reset - Reconnect to IRC server !jo - Join a channel !part - Leave a channel !nick - Change nickname !pid - Send fake process name and process ID ! - Execute a shell
FAKEAV. SDBOT's backdoor capabilities allows other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a
FAKEAV. SDBOT's backdoor capabilities allows other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a