Classification

Category: Malware

Type: Backdoor

Aliases: Flood, Backdoor.IRC.Flood, IRC/Flood

Summary


Flood is a family of script-based backdoors that operate with a modified IRC client application and a set of utilities. Quite often these backdoors are spread in self-extracting archives and customized installation packages. F-Secure Anti-Virus detects over 40 different Flood backdoor variants.

Removal


Disinfecting the Flood backdoor is simple: delete or rename (if deleting fails) all infected files and restart your computer.

Technical Details


The backdoor is essentially an IRC script that operates with a modified IRC client, usually mIRC. It can also call external utilities when needed. A hacker controls the backdoor by sending it specific commands. The latest backdoor variants can perform the following actions:

- open a file server on an infected computer
- give OP to a specific user or everyone
- change channel mode
- give VOICE to a specific user or everyone
- deOP a specific user or everyone
- deVOICE a specific user or everyone
- add a user to autoOP list
- add a user to autoVOICE list
- delete a user from a channel list
- add aliases
- change IRC server
- add server to a server list
- reconnect to a server
- join or part a specific channel
- join or part a specific channel in a cycle
- kick a specific user from a channel
- show backdoor info
- ban a specific user from a channel
- set a specific variable
- change nickname
- show backdoor version
- show backdoor credits
- send messages
- get channel statistics
- clear server list
- remove a specific variable

Some commands only work if the infected IRC user has OP or a high rank in the specified channel.