Backdoor.IRC.Bot.B

Backdoor.IRC.Bot.B is a Backdoor Trojan Horse that uses the IRC channels to launch Denial of Service (DoS) attacks, and that allows the Trojan's creator to control your computer.

The functions of the files may change. The information discussed in this writeup is based on the samples that Symantec Security Response has reviewed.

---

Note: Virus definitions dated prior to October 28, 2003 detect this variant as Backdoor.IRC.Bot.

---

This variant of Backdoor.IRC.Bot.B has been reported to have been sent by email. The messages have the following characteristics:

Subject: hey, stop send letters to me!
Message:
Hey!

Your computer sending e-mail virus Sobig.f!
I recieved message with it three times from you.
I think your PC is infected and many of your friends
and other people get infected messages.
It is not so new virus, why you didn't patch?
Please stop it, Find WMDWM (Sobig killer) somewhere
or run it from my attach. It file can kill only Sobig.f
from your computer and stop the spam from your PC.

Uff... bye...

Attachment: Wmdvm.exe

Protection

• Initial Rapid Release version October 28, 2003
• Latest Rapid Release version June 22, 2009 revision 066
• Initial Daily Certified version October 28, 2003
• Latest Daily Certified version June 19, 2009 revision 051
• Initial Weekly Certified release date October 29, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: Low