W32.IRCBot

Discovered:

July 8, 2002

Updated:

October 29, 2008 6:41:54 PM

Also Known As:

W32/IRCbot.worm.dll!95744 [McAfee], W32/Spybot.worm!dx [McAfee], Generic BackDoor!csb [McAfee]

Type:

Trojan, Worm

Systems Affected:

Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

W32.IRCBot is a detection for worms that spread using Internet Relay Chat (IRC). The IRC connection serves as a back door, allowing an attacker to perform a variety of actions on the compromised computer. An attacker usually gathers a large number of computers infected with W32.IRCBot worms and uses them as a bot network, controlled through IRC.

The use of IRC separates threats from their traditional back door and worm counterparts in that the hacker does not issue commands directly to the back door. Rather they are routed through the IRC server and channel, and then on to the compromised computer. Without the IRC server or channel, the attacker is unable to control the compromised computer.

Antivirus Protection Dates

• Initial Rapid Release version July 9, 2002
• Latest Rapid Release version May 24, 2012 revision 048
• Initial Daily Certified version July 9, 2002 revision 007
• Latest Daily Certified version May 24, 2012 revision 019
• Initial Weekly Certified release date July 10, 2002

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy