Backdoor.Win32.IRCBot is a computer worm/backdoor that is spread through MSN Messenger and Windows Live Messenger by downloading photo album.zip from someone. It can be recognised because the person says one of the following:
- Lmfao hey im sending my new photo album, Some bare funny pictures!
- lol my sister wants me to send you this photo album
- Hey i been doing photo album! Should see em loL! accept please mate :)
- HEY lol i've done a new photo album !:) Second ill find file and send you it.
- Hey wanna see my new photo album?
- looooooooooooooooooooooooooooooooooooooo!! :p
- OMG just accept please its only my photo album!!
- Hey accept my photo album, Nice new pics of me and my friends and stuff and when i was young lol...
- Hey just finished new photo album! :) might be a few nudes ;) lol...
- hey you got a photo album? anyways heres my new photo album :) accept k?
- hey man accept my new photo album.. :( made it for yah, been doing picture story of my life lol..
Inside is a '.pif' file called photo album2007 or a '.scr' file called photos_2007. It connects you to one of the following IRC Servers:
- darkjester.xplosionirc.net
- cc.xerhosts.net
- free8.bis:8080
- john.free4people.net:80
and posts a message: IMStart. which is an invitation to connect to the victims computer.when connected, the attacker can send the worm to more people and control the victims pc. However, there is a flaw: as MSN Messenger does not allow you to send whole files, instead of spreading, The victim will get a lot of dialogue boxes saying: "you cannot send a folder, please send one file at a time." Thefore you must have Windows Live Messenger to spread it.
EZ 2 them peeps who know who they r :D