Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
- Tuesday, December 21, 2010
Methods of propagation:
• Local network
• Mcafee: W32/IRCbot.worm
• Kaspersky: Backdoor.Win32.IRCBot.amj
• TrendMicro: WORM_PUSHBOT.BA
• Sophos: Mal/IRCBot-C
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows 7
• Drops files
• Registry modification
It copies itself to the following location:
The following file is created:
One of the following values is added in order to run the process after reboot:
• "Audio Device Manager"="winfp.exe"
It is spreading via Messenger. The characteristics are described below:
– Windows Live Messenger
The sent message looks like one of the following:
• WoW? is that really you... what the hell where you drinking :D
LOL, you look so ugly in this picture, no joke...
Should I put this on facebook/myspace?
Hey m8, who is this on the right, in this picture...
Sup, seen the pictures from the other night?
– Furthermore it has the ability to perform actions such as:
• Join IRC channel
• Leave IRC channel
• Upload file
In order to check for its internet connection the following DNS server is contacted:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
Description inserted by Andrei Ilie on Wednesday, March 16, 2011
Description updated by Andrei Ilie on Thursday, March 17, 2011