Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

IRC/Flood.dk

Feb 19, 2004 8:44AM PST

Date Discovered: 10/24/2003
Date Added: 2/19/2004
Origin: Unknown
Length: 912022 bytes
Type: Trojan

This is a detection for an IRC Bot offering various backdoor and flood capablilities to an attacker. It's writen in MIRC script and uses a patched version of Mirc as well as some other external programs and DLL's.
An attacker can gain access to the harddrive of an infected machine, such as down/upload information or programs and execute them - or terminating running processes. Query the machine for the 'CD-Key' from a few online games or for general system information.

The bot can be used from by an attacker as HTTP proxy or BNC in order to relay connections.

On command, the bot tries to connect to machines within the local network using IPC$ and weak username and password combinations.

The arrives in a package and when executed, it drops several files on the disk:

Read more: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101036

Discussion is locked