W32.Fruit.Mirc


Aliases: W32.Fruit.B.Mirc, W32.Fruit.C.Mirc, IRC-Worm.Fruit.a, IRC-Worm.Fruit.b
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 04 Oct 2000
Damage: Low

Characteristics: On the 4th day of October 2000, a family member of worms was discovered. This worm was named as W32.Fruit.Mirc. It arrived as a Visual Basic 6 or VB6 program that primarily reproduces a slot machine. It propagated using mIRC.

More details about W32.Fruit.Mirc

Also known as W32.Fruit.B.Mirc, W32.Fruit.C.Mirc, IRC-Worm.Fruit.a and IRC-Worm.Fruit.b, W32.Fruit.Mirc arrives as a VB6 program to stimulate a slot machine. It uses mIRC to spread its infection by sending itself to all others on a channel. Once it is activated, the worm inserts itself in C:\Windows\System\Fruit.exe. Then, the worm overwrites the mIRC Script.ini file to send itself to others connected on a channel. This works successfully when the user leaves the channel. Afterwards, the worm will display a simulation of a slot machine. In a slot machine, you usually see specific buttons: About, Exit, and Go. The worm terminates program when you decide to click OK after executing About, Exit and Go.

The W32.Fruit.Mirc program is utilized by third parties in infiltrating targeted computers. Upon being contracted, this program enables remote third parties to open variable ports in the user’s computer. The said ports are then employed by the attackers to view the private files of the users. This program also allows remote hackers a certain type of control over the compromised computer system. This is accomplished by installing a command line service similar to those provided by IRC or Internet Chat Relay. This program then proceeds to log on to a channel which has been pre-specified in order to await commands from that location. It is this operation that allows the intruder to take control of the administrative settings and files of the user. Moreover, the process even allows connection to the Internet.