W32.Girls.Irc


Aliases: W32/Girls.worm, Win32.HLLW.Girls.43390, mIRC/Girls-A, WORM_GIRLS.A, Win32/Girls.A@mm
Variants: IRC/Girls.worm, IRC-Worm.IRC.Girls, Win32.HLLW.Girls.43390, IRC-Worm.Girls.A, IRC-Worm/Girls

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 01 Feb 2002
Damage: Low

Characteristics: This particular malware is considered as a type of Internet Relay Chat (IRC) Worm which is known for using the service to spread its codes to other computer systems. Like most threats of this nature it attempts to infect vulnerable machines without alerting the computer user. Once the W32.Girls.Irc gets into the machine it will extract its file contents into various folders and directories in an attempt to complicate its detection and removal.

More details about W32.Girls.Irc

Normally the W32.Girls.Irc makes use of the functionalities of the popular chat client mIRC to spread its infection to other computer systems. This is commonly achieved by the use of an initialization script file which instructs the application to carry out specific commands. Usually the script file will allow the malicious file to copy itself to the remote computer system and execute using some form of cloaking routine to hide its true actions. The W32.Girls.Irc is normally accompanied by two files a ZIP and a TXT format. The text file contains instructions which are used to coax the unsuspecting recipient into executing the Worm's payload. This is because the W32.Girls.Irc requires user intervention to infect the target computer system.

In most instances, the recipient will follow the instructions contained in the text file because he believes that the message was authentically sent. One of the ploys of the W32.Girls.Irc is to pretend that the messages sent to the contacts list comes from the user himself. The recipient will be asked to rename the ZIP extension into EXE and launch the file. The context of the TXT file states that once this step is done a pornographic image will be displayed. In reality however, what this routine will do is to initiate the W32.Girls.Irc infection into the recipient's computer system.