10/20: Spybot-DF an IRC Backdoor Worm

October 20, 2004

W32/Spybot-DF is an IRC backdoor worm. W32/Spybot-DF connects to a remote IRC server and runs in the background as a service process, listening for backdoor commands from a remote user. The worm may spread to network shares with weak passwords or by DCC. The worm may also spread through peer-to-peer networks, copying itself to the folder \kazaabackupfiles as DOWNLOAD_ME.EXE.

While the worm is active it attempts to terminate various monitoring programs. The worm may also log keystrokes, saving them to a local file or sending them directly to a remote user over IRC.

More information can be found on the Sophos page.
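
As an added example (not part of the original advisory or any vendor's tooling), the following Python 3 sweep looks through a mounted volume or disk image for the peer-to-peer copy described above and records its size and SHA-256 for triage. Only the folder and file name come from the advisory; the function names are hypothetical.

```python
import hashlib
import os

# Indicator from the advisory text: the worm's copy in the P2P share folder.
DROP_DIR = "kazaabackupfiles"
DROP_NAME = "download_me.exe"


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_p2p_drops(root):
    """Return one record per DOWNLOAD_ME.EXE found in a kazaabackupfiles folder.

    Names are compared case-insensitively because Windows paths are, even when
    the tree is examined from a case-sensitive mount of a disk image.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != DROP_DIR:
            continue
        for name in filenames:
            if name.lower() != DROP_NAME:
                continue
            full = os.path.join(dirpath, name)
            try:
                hits.append({"path": full,
                             "size": os.path.getsize(full),
                             "sha256": sha256_of(full)})
            except OSError as exc:  # locked or unreadable: still report the path
                hits.append({"path": full, "size": None,
                             "sha256": None, "error": str(exc)})
    return hits


if __name__ == "__main__":
    import sys
    for hit in find_p2p_drops(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A hit is a lead, not a verdict: compare the recorded hash against the antivirus vendor's detection before treating the host as infected.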
