Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


IRC backdoor


Aliases:


IRC backdoor
Backdoor.IRC, Backdoor, IRC

Malware

W32

Summary

IRC Backdoor (generic description).

An IRC backdoor is usually a standalone file that copies its file to Windows or Windows System folder and creates a Registry key to start that file during every Windows session. Also some IRC backdoors modify WIN.INI and SYSTEM.INI files or copy themselves to startup folders for different users. Some IRC backdoors replace INI scripts of an IRC client (mostly mIRC).



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

When an IRC backdoor is run, it established connection to an IRC server or waits until a user connects to IRC (mIRC script-based backdoor). A backdoor then creates a bot in a specific channel on a specific IRC server. An IRC bot acts as a backdoor server interface. An IRC client in this case acts as a backdoor client. A hacker can give commands to an IRC bot using IRC interface.

Most of advanced IRC backdoors allow to get a limited access to an infected system and to modify, upload, download and run files. Some IRC backdoors have additional functionalities that allow a hacker to perform malicious actions in IRC channels and in some cases can allow an attacker to completely take over an IRC channel.

Most famous IRC backdoors: SDBot, Roron, Nymph.





Description Created: Alexey Podrezov, July 14th, 2003
Description Last Modified: Alexey Podrezov, May 24th, 2004



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.