Aliases: W32/IRCbot.worm.dll!95744, W32/IRCbot.worm
Variants: W32.IRCBot.B, W32/IRCbot.worm!MS05-039, W32/IRCbot-AFP, W32/IRCBot.ET

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: North America, South America, Asia, Europe, some parts of Africa and Australia
Removal: Easy
Platform: W32
Discovered: 08 Jul 2002
Damage: Low

Characteristics: W32.IRCBot is a backdoor Trojan. It connects to IRC servers and waits for instructions from a remote hacker. It can also spread through networks, IRC channels, infected email messages with attachments and other computer systems. Unsuspecting users can contract this backdoor Trojan by downloading freeware and shareware, by opening and downloading an attachment from unknown senders, or by clicking links on some infected websites.

More details about W32.IRCBot

Once run on a compromised system, W32.IRCBot drops an EXE file. It also creates a registry entry so that it executes each time the computer system starts. The Trojan has its own IRC (Internet Relay Chat) client, which can connect to IRC channels. It then waits for instructions, permitting a remote hacker to carry out a host of malicious actions on the compromised machine. These actions can include taking over the IRC client of the infected machine, updating or deleting the Trojan itself, sending its code to other IRC channels, and downloading and executing more malware on the system. Other actions include copying itself to the shared folders on other systems and carrying out DoS (Denial of Service) attacks against particular targets.
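
As an added detection example (not part of the original entry): the bot described above has to register with an IRC server before it can wait for instructions, so the sketch below flags hosts whose outbound traffic contains an IRC registration (NICK and USER) on any port. The session records, the approved-host list and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: (client_ip, server_ip, server_port, client-to-server payload).
SESSIONS = [
    ("10.0.0.15", "203.0.113.7", 6667,
     b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #helpdesk\r\n"),
    ("10.0.0.42", "198.51.100.9", 8080,
     b"PASS x\r\nNICK wks-8841\r\nUSER qwe 0 * :qwe\r\nJOIN #c1 key\r\n"),
    ("10.0.0.42", "198.51.100.9", 8080, b"PONG :198.51.100.9\r\n"),
    ("10.0.0.77", "192.0.2.20", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]
APPROVED_IRC_HOSTS = {"10.0.0.15"}  # assumption: hosts allowed to run an IRC client

# Optional ":prefix", then an alphabetic command, then optional parameters.
IRC_LINE = re.compile(r"^(?::\S+ +)?([A-Za-z]+)(?: +(.*))?$")

def irc_commands(payload):
    """Return [(COMMAND, params)] for each line that parses as an IRC message."""
    out = []
    for line in payload.decode("latin-1").splitlines():
        m = IRC_LINE.match(line.strip())
        if m:
            out.append((m.group(1).upper(), m.group(2) or ""))
    return out

def find_unapproved_irc(sessions, approved):
    """Map client_ip -> servers and channels for IRC registrations from unapproved hosts."""
    hits = defaultdict(lambda: {"servers": set(), "channels": set()})
    for client, server, port, payload in sessions:
        cmds = irc_commands(payload)
        # An IRC registration needs both NICK and USER; the port is not trusted.
        if not {"NICK", "USER"} <= {c for c, _ in cmds}:
            continue
        if client in approved:
            continue
        hits[client]["servers"].add((server, port))
        for cmd, params in cmds:
            if cmd == "JOIN" and params:
                # First parameter is a comma-separated channel list; a key may follow.
                hits[client]["channels"].update(params.split()[0].split(","))
    return dict(hits)

if __name__ == "__main__":
    for host, info in find_unapproved_irc(SESSIONS, APPROVED_IRC_HOSTS).items():
        print(host, sorted(info["servers"]), sorted(info["channels"]))
```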

The W32.IRCBot Trojan allegedly has keylogger functionality, which allows the program to record keystrokes typed on the computer. The program may collect personal information stored on the computer. It saves the collected data to a log file in a hidden Windows folder and may send the log file to a remote server via FTP (File Transfer Protocol). The program may also record credit card numbers, user names and passwords for financial accounts. It may also capture IRC (Internet Relay Chat) conversations and e-mails sent by the user, monitor the websites the user visits, and record the programs running on the computer. The remote hacker may auction the collected information online or use it directly for personal gain.