Backdoor.Win32.IRCBot (also known as W32/Checkout (McAfee), W32.Mubla (Symantec), W32/IRCBot-WB (Sophos), and Backdoor.Win32.IRCBot.aaq (Bydoon Center)Microsoft Encyclopedia Entry: Backdoor:Win32/IRCbot
Retrieved February 24, 2011) is a

backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so tit ...

computer worm A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will ...

that is spread through

MSN Messenger MSN Messenger (also known colloquially simply as MSN), later rebranded as Windows Live Messenger, was a Cross-platform software, cross-platform instant messaging client, instant-messaging client developed by Microsoft. It connected to the now-di ...

and

Windows Live Messenger MSN Messenger (also known colloquially simply as MSN), later rebranded as Windows Live Messenger, was a Cross-platform software, cross-platform instant messaging client, instant-messaging client developed by Microsoft. It connected to the now-di ...

. Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic

startup A startup or start-up is a company or project undertaken by an entrepreneur to seek, develop, and validate a scalable business model. While entrepreneurship includes all new businesses including self-employment and businesses that do not intend to ...

.Seattle Times: Worm pretends it's Windows program
Retrieved February 24, 2011 In addition, it attempts to send itself to all MSN contacts by offering an attachment named 'photos.zip'. Executing this file will install the worm onto the local PC. The Win32.IRCBot worm provides a backdoor

server Server may refer to: Computing *Server (computing), a computer program or a device that provides requested information for other programs or devices, called clients. Role * Waiting staff, those who work at a restaurant or a bar attending custome ...

and allows a remote intruder to gain access and control over the computer via an

Internet Relay Chat IRC (Internet Relay Chat) is a text-based chat system for instant messaging. IRC is designed for Many-to-many, group communication in discussion forums, called ''#Channels, channels'', but also allows one-on-one communication via instant mess ...

channel. This allows for confidential information to be transmitted to a

hacker A hacker is a person skilled in information technology who achieves goals and solves problems by non-standard means. The term has become associated in popular culture with a security hackersomeone with knowledge of bug (computing), bugs or exp ...

. Because of a lack of standard naming conventions and also because of common features, variants of Win32.IRCBot can often be confused with the Agobot and Spybot family of worms. For example,

Sophos Sophos Limited is a British security software and hardware company. It develops and markets managed security services and cybersecurity software and hardware, such as managed detection and response, incident response and endpoint security s ...

lists Backdoor.Win32.IRCBot.ul, W32/Poebot-JT worm, and Win32/IRCBot.TS as aliases of the W32/Gaobot.worm.gen.e worm, a member of the Agobot family.Sophos W32/Poebot-JT Win32 Worm
/ref>

References

Computer worms {{malware-stub

See also

References