 10/20: Spybot-DF an IRC Backdoor Worm |
 |
|
|
|
|
|
10/20: Spybot-DF an IRC Backdoor Worm
October 20, 2004
W32/Spybot-DF is an IRC backdoor worm. W32/Spybot-DF connects to a remote IRC server and runs in the background as a service process, listening for backdoor commands from a remote user. The worm may spread to network shares with weak passwords or by DCC. The worm may also spread through peer-to-peer networks, copying itself to the folder \kazaabackupfiles as DOWNLOAD_ME.EXE.
While the worm is active it attempts to terminate various monitoring programs. The worm may also log keystrokes, saving them to a local file or sending them directly to a remote user over IRC.
More information can be found at Sophos page.
|
|
|
|
|
AntiOnline Security Spotlight: Firewalls and Honeypots
2/3: Rbot-SQ Worm Has Backdoor Abilities
This Python Really Eats Bugs
4/5: Mytob-W Worm Takes Remote Orders
11/5: Backdoor.Ranky-L Enables Attacker
9/8: Rbot-IL Spreads To Remote Shares
Spam Foes Worry New FTC Rule Not Enough
WiFi Security Concerns Easing
2/7: Traxg-C is a Mass-Mailing Worm
1/12: Buchon-C a Mass-Mailing Worm
Sun Plays New Security Card with VeriSign
Security Camera Related Information
 |
