3/24: Rbot-DP an IRC Backdoor Trojan

March 24, 2005

W32/Rbot-DP is an IRC backdoor Trojan with spreading capability. W32/Rbot-DP copies itself into the Windows system folder and sets the following registry entries to run itself automatically when Windows starts up:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft DirectX
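
An added example, not from the original advisory or from Sophos: a Python check that scans a text registry export (.reg format) for the "Microsoft DirectX" value under the three autostart keys listed above. The sample export, the file name placeholder.exe and the function names are constructed for illustration.

```python
import re

# Value name and autostart keys as listed in the advisory above.
VALUE_NAME = "Microsoft DirectX"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def normalize_key(path):
    """Abbreviate the hive and case-fold (registry paths are case-insensitive)."""
    hive, _, rest = path.partition("\\")
    return (HIVES.get(hive.upper(), hive) + "\\" + rest).casefold()

WATCHED = {normalize_key(k) for k in RUN_KEYS}

def find_autostart_hits(reg_text):
    """Return (key, data) pairs; decode regedit's UTF-16 export before calling."""
    hits, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]  # section header names the key that follows
            continue
        m = STRING_VALUE.match(line)
        if m is None or current is None or normalize_key(current) not in WATCHED:
            continue
        # .reg files escape backslashes and quotes inside string values
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        if name.casefold() == VALUE_NAME.casefold():
            hits.append((current, data))
    return hits

# Constructed sample export; placeholder.exe is not a name from the advisory.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Microsoft DirectX"="placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"microsoft directx"="placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectX]
"Microsoft DirectX"="not-an-autostart-key"
'''
```

A hit only shows that the value name is present under an autostart key; the file the value points to still has to be examined before drawing a conclusion.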

W32/Rbot-DP logs onto a predefined IRC server and waits for backdoor commands. When it receives the appropriate backdoor command, W32/Rbot-DP will attempt to spread to other computers.

More information can be found on the Sophos page.
