Threat Description

IRC backdoor

Details

Aliases:IRC backdoor, Backdoor.IRC, Backdoor, IRC
Category: Malware
Type:
Platform: W32

Summary



IRC Backdoor (generic description).

An IRC backdoor is usually a standalone file that copies its file to Windows or Windows System folder and creates a Registry key to start that file during every Windows session. Also some IRC backdoors modify WIN.INI and SYSTEM.INI files or copy themselves to startup folders for different users. Some IRC backdoors replace INI scripts of an IRC client (mostly mIRC).



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



When an IRC backdoor is run, it established connection to an IRC server or waits until a user connects to IRC (mIRC script-based backdoor). A backdoor then creates a bot in a specific channel on a specific IRC server. An IRC bot acts as a backdoor server interface. An IRC client in this case acts as a backdoor client. A hacker can give commands to an IRC bot using IRC interface.

Most of advanced IRC backdoors allow to get a limited access to an infected system and to modify, upload, download and run files. Some IRC backdoors have additional functionalities that allow a hacker to perform malicious actions in IRC channels and in some cases can allow an attacker to completely take over an IRC channel.

Most famous IRC backdoors: SDBot, Roron, Nymph.





Description Created: Alexey Podrezov, July 14th, 2003
Description Last Modified: Alexey Podrezov, May 24th, 2004


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More