Killian441: cleaned up, removed orphan tag
86.173.174.31: No edit summary
Revision as of 01:08, 9 April 2011
Backdoor.Win32.IRCBot (also known as W32/Checkout (McAfee), W32.Mubla (Symantec), W32/IRCBot-WB (Sophos), and Backdoor.Win32.IRCBot.aaq (Kaspersky)[1]) is a backdoor computer worm that is spread through MSN Messenger and Windows Live Messenger. Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] In addition, it attempts to send itself to all MSN contacts by offering an attachment named 'photos.zip'. Executing this file will install the worm onto the local PC. The Win32.IRCBot worm provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows confidential information to be transmitted to a hacker.
Because of a lack of standard naming conventions and also because of common features, variants of Win32.IRCBot can often be confused with the Agobot and Spybot families of worms. For example, Sophos lists Backdoor.Win32.IRCBot.ul, W32/Poebot-JT worm, and Win32/IRCBot.TS as aliases of the W32/Gaobot.worm.gen.e worm, a member of the Agobot family.[3]
References
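1. Microsoft Encyclopedia Entry: Backdoor:Win32/IRCbot, http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FIRCbot. Retrieved February 24, 2011
2. Seattle Times: Worm pretends it's Windows program, http://seattletimes.nwsource.com/html/businesstechnology/2003107486_bizbriefs06.html. Retrieved February 24, 2011
3. Sophos W32/Poebot-JT Win32 Worm, http://www.sophos.com/security/analyses/viruses-and-spyware/w32poebotjt.html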