Virus type: Worm
Destructive: No
Aliases: W32/Randbot.worm, Backdoor.IRCBot.gen
This malware has both worm and backdoor functionalities.
As a worm, it worm attempts to propagate via default network-shared folders. It scans for nearby IP addresses within the network and for every IP address it finds, it attempts to copy itself as GT.exe in default NT shares. To access a share, it uses a list of passwords.
This malware uses IRC (Internet Relay Chat) for its backdoor functionalities. It connects to a certain IRC server and there waits for commands from the malicious user.
It enables a remote malicious user to do the following:
Get system information
Transfer files
Get Network information
Create IRC clones with random nicks
Execute files
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RANDBOT.A
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
WORM_RANDBOT.A
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic