
MIRC Adventure

  • Posted: December 11, 2006
  • Threat category: Uncategorized
  • Author: Virus analyst

I didn’t visit mIRC for a while so I intended to visit it at the start of my shift. I joined a couple of channels, then after some time I received a private message with a link pointing to a binary file. Yeah, just as I expected, malware still uses mIRC for its own purposes.

The binary file is an undetected WORM_DREFIR.A and is already being processed by the Service Team. This malware caught my interest because, aside from its destructive payload, which replaces every file it can access with an empty file of the same filename, it can add a copy of itself to a RAR file found on the affected user’s computer. It uses a randomly generated filename for the copy of itself that it adds to the RAR file.

A computer affected by this malware is used as a host to spread the malware. The malware opens port 80 (HTTP), through which potential victims can download a copy of it. It sends private messages to potential victims through the IRC channel it has connected to. Each message contains a link to a copy of the malware, using the IP address of the affected computer.

Example:

A potential victim receives the following message via IRC:

— “http://www.google.com/url?q=http://xxx.yyy.zzz/TrialXXXView.scr”

Where: http://xxx.yyy.zzz will be the IP address of a compromised machine hosting the malware.
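The link shape described above can be checked for in saved IRC logs. The following is an added example, not code from the original post or from the vendor: it unwraps URLs nested in a redirector's query string and flags links to an executable file that are hosted on a bare IP address or hidden behind a redirector. The log format, function names, extension list and sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# .scr is the extension in the post's example; the others are assumed additions.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")
URL_RE = re.compile(r"""https?://[^\s"'<>\u201c\u201d]+""", re.IGNORECASE)

def unwrap_redirect(url, depth=0):
    """Return the innermost URL carried in a query parameter (e.g. ...?q=http://...)."""
    if depth < 3:  # bound the nesting so crafted input cannot recurse deeply
        for values in parse_qs(urlsplit(url).query).values():
            for value in values:
                if value.lower().startswith(("http://", "https://")):
                    return unwrap_redirect(value, depth + 1)
    return url

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url):
    """List which traits of the link described in the post this URL shows."""
    url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
    try:
        final = unwrap_redirect(url)
        parts = urlsplit(final)
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 bracket
        return ["malformed"]
    reasons = ["redirector"] if final != url else []
    if parts.hostname and is_ip_literal(parts.hostname):
        reasons.append("ip-literal-host")
    if parts.path.lower().endswith(EXECUTABLE_EXTS):
        reasons.append("executable-extension")
    return reasons

def scan_log(lines):
    """Yield (line, url, reasons) for executable links on an IP host or behind a redirector."""
    for line in lines:
        for url in URL_RE.findall(line):
            reasons = classify(url)
            if "executable-extension" in reasons and len(reasons) > 1:
                yield line, url, reasons

# Constructed sample log lines; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '[09:01] <nick1> "http://www.google.com/url?q=http://192.0.2.15/TrialXXXView.scr"',
    "[09:02] <nick2> grab it here http://198.51.100.7/setup.exe",
    "[09:03] <nick3> channel rules: http://www.example.org/faq.html",
    "[09:04] <nick4> new build at http://www.example.org/download/tool.exe",
]
```

Calling `list(scan_log(SAMPLE_LOG))` returns the first two sample lines; the last two are not flagged because they show at most one of the traits.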

The payload of the malware is activated on the 29th of every month when the seconds value of the system time is above 30. Here’s the displayed message:

It is good practice not to click URL links in IRC messages, even if they come from a known acquaintance. It is possible that your friend’s computer was compromised and it is the malware that sent you the message. :)

Have your antivirus pattern files updated regularly to stay protected from malware that is being discovered in the wild.

  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.