Wednesday, May 10, 2006

Kaspersky: Parasitic IRCBot in the Wild

Interesting.

Via the Kaspersky Analyst's Diary weblog:

Statistics show that the contemporary malware landscape is, in the main, somehow connected with Trojans: Backdoors, Trojan-Downloaders, Trojan-Droppers, etc.

Although we are still seeing the same kind of viruses as we were seeing 10 years ago, written by cyber hooligans, every now and then we find old style methods being incorporated into more serious malware.

Almost a year ago we wrote about Tenga, a classic file infector with worm and trojan-downloader functionality.

Recently we added detection for something similar: Virus.Win32.Virut.4960. While its name doesn't sound very interesting, or pretty for that matter, this is quite an interesting sample.

Like Tenga, Virut.4960 is a classic appending virus. This file infector infects .exe and .scr files by attaching its (encrypted) code.

The interesting part is that the encrypted code contains IRCBot functionality. When an infected sample is executed it tries to connect to a certain IRC server.

The IRCBot functionality is very limited, and simply downloads a file of the attacker's choice. However, even such restricted functionality is enough to introduce more malware onto the victim system.

More here.
