W32.Housax.Irc


Aliases: Win32/Housex.A, W32/Housex, IRC-Worm.Housex.A, IRC-Worm/Housex, Win32:MyHouse
Variants: IRC-Worm.Win32.Housex, IRC-Worm.Housex, W32/Sytro.worm.gen!p2p, Win32.HLLW.Sytro.13, mIRC/Housex-A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 05 Sep 2002
Damage: Low

Characteristics: This specific malware is a type of Internet Relay Chat Worm which is designed to take advantage of certain vulnerabilities in the Internet Relay Chat service allowing it to target users. The W32.Housax.Irc will attempt to send a copy of itself to unsuspecting users in the contact list. Consistent with similar variants, it may attempt to communicate with the contact pretending to be the a legitimate Internet Relay Chat user.

More details about W32.Housax.Irc

Worms like Trojan Horses rely mainly on the use of deceptive tactics to force the unwary computer user into launching its malicious codes into the vulnerable machine. When the W32.Housax.Irc malware first arrives at the compromised machine it will display an error message box simulating a legitimate operating system alert. The message box will inform the computer user that a certain Dynamic Link Library file is absent from the computer system. The computer user will be forced to click on the OK button. Once the OK button is clicked, the W32.Housax.Irc will begin to create a copy of itself into the directory location of the operating system files. Normally this malware will only extract a single file into the infected computer system.

The file extracted into the compromised computer system by the W32.Housax.Irc has a double file extension. The combination of the file extensions may be an executable and a picture file. The EXE format is always the last extension added by the W32.Housax.Irc to its trigger file. It uses the Windows Registry to find the exact location of the IRC client. Once the W32.Housax.Irc has found the application it will check for the presence of the executable file of the IRC client. If found, the W32.Housax.Irc will proceed to generate an initialization file to send its codes to other users.