Threat description


Category: Malware
Type: Backdoor
Platform: W32


Flood is a family of script-based backdoors that operate with a modified IRC client application and a set of utilities. Quite often these backdoors are spread in self-extracting archives and customized installation packages. F-Secure Anti-Virus detects over 40 different Flood backdoor variants.


Disinfecting the Flood backdoor is simple: delete or rename (if deleting fails) all infected files and restart your computer.

Technical Details

The backdoor is basically an IRC script that operates with a modified IRC client, usually mIRC. The backdoor can use external utilities for its needs. A hacker can control the backdoor by sending specific commands to it. The latest backdoor variants can perform the following actions:

- open a file server on an infected computer
- give OP to a specific user or everyone
- change channel mode
- give VOICE to a specific user or everyone
- deOP a specific user or everyone
- deVOICE a specific user or everyone
- add a user to autoOP list
- add a user to autoVOICE list
- delete user from a channel list
- add aliases
- change IRC server
- add server to a server list
- reconnect to a server
- join or part a specific channel
- join or part a specific channel in a cycle
- kick a specific user from a channel
- show backdoor info
- ban a specific user from a channel
- set specific variable
- change nickname
- show backdoor version
- show backdoor credits
- send messages
- get channel statistics
- clear server list
- remove specific variable

Some commands work only if the infected IRC user has OP or a high rank in the specified channel.

Technical Details: Alexey Podrezov, January 13th, 2003

