Flood is a family of script-based backdoors that operate with a
modified IRC client application and a set of utilities. Quite
often these backdoors are spread in self-extracting archives and
customized installation packages. F-Secure Anti-Virus detects
over 40 different Flood backdoor variants.
The backdoor is basically an IRC script that operates with a
modified IRC client, usually mIRC. The backdoor can use external
utilities for its needs. A hacker can control the backdoor by
sending specific commands to it. The latest backdoor variants can
perform the following actions:
- open a file server on an infected computer
- give OP to a specific user or everyone
- change channel mode
- give VOICE to a specific user or everyone
- deOP a specific user or everyone
- deVOICE a specific user or everyone
- add a user to autoOP list
- add a user to autoVOICE list
- delete user from a channel list
- add aliases
- change IRC server
- add server to a server list
- reconnect to a server
- join or part a specific channel
- join or part a specific channel in a cycle
- kick a specific user from a channel
- show backdoor info
- ban a specific user from a channel
- set specific variable
- change nickname
- show backdoor version
- show backdoor credits
- send messages
- get channel statistics
- clear server list
- remove specific variable