Threat description




Flood is a family of script-based backdoors that operate with a modified IRC client application and a set of utilities. Quite often these backdoors are spread in self-extracting archives and customized installation packages. F-Secure Anti-Virus detects over 40 different Flood backdoor variants.


Disinfection of Flood backdoor is simple - just delete or rename (if deleting fails) all infected files and restart your computer.

Technical Details

The backdoor is basically an IRC script that operates with a modified IRC client, usually mIRC. The backdoor can use external utilities for its needs. A hacker can control the backdoor by sending specific commands to it. The latest backdoor variants can perform the following actions:

- open a file server on an infected computer
- give OP to a specific user or everyone
- change channel mode
- give VOICE to a specific user or everyone
- deOP a specific user or everyone
- deVOICE a specific user or everyone
- add a user to autoOP list
- add a user to autoVOICE list
- delete user from a channel list
- add aliases
- change IRC server
- add server to a server list
- reconnect to a server
- join or part a specific channel
- join or part a specific channel in a cycle
- kick a specific user from a channel
- show backdoor info
- ban a specific user from a channel
- set specific variable
- change nickname
- show backdoor version
- show backdoor credits
- send messages
- get channel statistics
- clear server list
- remove specific variable

Some commands will only work if an infected IRC user has an OP or high rank in a specified channel.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info