Backdoor.Win32.IRCBot
Encyclopedia
Backdoor.Win32.IRCBot is a backdoor computer worm
that is spread through MSN Messenger and Windows Live Messenger
. Once installed
on a PC
the worm copies itself into a Windows system folder
, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup
. and in addition it attempts to send itself to all MSN contacts by offering an attachment names 'photos.zip'. Executing this file will install the worm onto the local PC. The Win32.IRCBot worm provides a backdoor server
and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat
channel. This allows for confidential information to be transmitted to a hacker
.
Because of a lack of standard naming conventions and also because of common features, variants of Win32.IRCBot can often be confused with the Agobot and Spybot
family of worms. For example Sophos
lists Backdoor.Win32.IRCBot.ul, W32/Poebot-JT worm, and Win32/IRCBot.TS as aliases of the W32/Gaobot.worm.gen.e worm, a member of the Agobot family.
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
that is spread through MSN Messenger and Windows Live Messenger
Windows Live Messenger
Windows Live Messenger is an instant messaging client created by Microsoft that is currently designed to work with Windows XP , Windows Vista, Windows 7, Windows Mobile, Windows CE, Xbox 360, Blackberry OS, iOS, Java ME, S60 on Symbian OS 9.x and Zune HD...
. Once installed
Installation (computer programs)
Installation of a program is the act of putting the program onto a computer system so that it can be executed....
on a PC
Personal computer
A personal computer is any general-purpose computer whose size, capabilities, and original sales price make it useful for individuals, and which is intended to be operated directly by an end-user with no intervening computer operator...
the worm copies itself into a Windows system folder
System Folder
The System Folder is the directory in classic versions of Mac OS that holds various files required for the system to operate, such as fonts, system extensions, control panels, and preferences....
, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
. and in addition it attempts to send itself to all MSN contacts by offering an attachment names 'photos.zip'. Executing this file will install the worm onto the local PC. The Win32.IRCBot worm provides a backdoor server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat
Internet Relay Chat
Internet Relay Chat is a protocol for real-time Internet text messaging or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file...
channel. This allows for confidential information to be transmitted to a hacker
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
.
Because of a lack of standard naming conventions and also because of common features, variants of Win32.IRCBot can often be confused with the Agobot and Spybot
Spybot worm
The Spybot worm is a large family of computer worms of varying characteristics. Although the actual number of versions is unknown, it is estimated to be well into the thousands...
family of worms. For example Sophos
Sophos
Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways....
lists Backdoor.Win32.IRCBot.ul, W32/Poebot-JT worm, and Win32/IRCBot.TS as aliases of the W32/Gaobot.worm.gen.e worm, a member of the Agobot family.