Threat description




Flood is a family of script-based backdoors that operate with a modified IRC client application and a set of utilities. Quite often these backdoors are spread in self-extracting archives and customized installation packages. F-Secure Anti-Virus detects over 40 different Flood backdoor variants.


Disinfection of the Flood backdoor is simple: delete all infected files (or rename them if deleting fails) and restart your computer.

Technical Details

The backdoor is basically an IRC script that operates with a modified IRC client, usually mIRC. The backdoor can use external utilities for its needs. A hacker can control the backdoor by sending specific commands to it. The latest backdoor variants can perform the following actions:

- open a file server on an infected computer
- give OP to a specific user or everyone
- change channel mode
- give VOICE to a specific user or everyone
- deOP a specific user or everyone
- deVOICE a specific user or everyone
- add a user to autoOP list
- add a user to autoVOICE list
- delete user from a channel list
- add aliases
- change IRC server
- add server to a server list
- reconnect to a server
- join or part a specific channel
- join or part a specific channel in a cycle
- kick a specific user from a channel
- show backdoor info
- ban a specific user from a channel
- set specific variable
- change nickname
- show backdoor version
- show backdoor credits
- send messages
- get channel statistics
- clear server list
- remove specific variable

Some commands only work if the infected IRC user has OP or a high rank in the specified channel.
