 10/20: Spybot-DF an IRC Backdoor Worm |
 |
|
|
|
|
|
10/20: Spybot-DF an IRC Backdoor Worm
October 20, 2004
W32/Spybot-DF is an IRC backdoor worm. W32/Spybot-DF connects to a remote IRC server and runs in the background as a service process, listening for backdoor commands from a remote user. The worm may spread to network shares with weak passwords or by DCC. The worm may also spread through peer-to-peer networks, copying itself to the folder \kazaabackupfiles as DOWNLOAD_ME.EXE.
While the worm is active it attempts to terminate various monitoring programs. The worm may also log keystrokes, saving them to a local file or sending them directly to a remote user over IRC.
More information can be found at Sophos page.
|
|
|
|
|
Stomping Out Spam: The Spam Series, Part 1
For Win Wonks, Software Restriction is Good Policy
'Critical' Security Hole in Real's Helix Server
XP SP2 Deadline Extended
Look Out For 3-Headed Plexus Worm
10/20: Spybot-DF an IRC Backdoor Worm
1/5: Rbot-SQ Worm Has Backdoor Abilities
1/12: Kobot-B Worm Uses 3 Windows Flaws
Group Revises Anti-Piracy License Terms
8/3: Scaner-A Worm Uses Port 445
A Spec to Spike Spam?
Security Camera Industry Information
 |
