Aliases: Generic BackDoor.o, Trojan.Funpic, Backdoor:Win32/VB.UT, BKDR_VB.X, Worm/IRC.VB.B
Variants: W32/VB.EH@p2p, Win32:Trojano-280, BackDoor.VB.16.E, Backdoor.mIRC.Downloader.A, Trj/VB.AL

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 04 Feb 2004
Damage: Low

Characteristics: W32.SillyIRC is a generic detection that identifies variants of the W32.Silly worm family that spread through Internet Relay Chat applications.

More details about W32.SillyIRC

This malware can infiltrate a local area network as a method of self-propagation. The W32.SillyIRC worm is said to be able to bypass a network's security protocol and then download its components onto the terminal, infecting it. According to expert users, the W32.SillyIRC worm may also carry its own database of potential usernames and passwords, which it uses against network security to try to gain access to the system. It first detects the terminals on the local area network (LAN) from the infected machine and starts its basic routines from there. When the W32.SillyIRC worm is executed, it may create a copy of itself in the “%System%” or “%Windir%” folder. The worm changes the registry key so that it is run each time Windows starts. In many cases, W32.SillyIRC uses one or more of the loading points to make sure that it runs when Windows starts. This worm spreads through Internet Relay Chat applications.

The W32.SillyIRC worm may begin its download process by waiting for the infected computer to obtain a network connection. This may be as simple as a local area network or as broad as an Internet connection; which one it needs depends on how the malware was programmed. Once the computer is connected, the W32.SillyIRC worm is reported to contact a certain IP address. It may then look for other malware to download and start downloading it once detected. Other sources claim that the W32.SillyIRC worm may even use the compromised machine to distribute the threats it has downloaded to connected computers. It can also execute the malware it has retrieved.