10/20: Spybot-DF an IRC Backdoor Worm

October 20, 2004

W32/Spybot-DF is an IRC backdoor worm. W32/Spybot-DF connects to a remote IRC server and runs in the background as a service process, listening for backdoor commands from a remote user. The worm may spread to network shares with weak passwords or by DCC. The worm may also spread through peer-to-peer networks, copying itself to the folder \kazaabackupfiles as DOWNLOAD_ME.EXE.

While the worm is active it attempts to terminate various monitoring programs. The worm may also log keystrokes, saving them to a local file or sending them directly to a remote user over IRC.

More information can be found on the Sophos page.
