Perl/Shellbot

Type: Trojan
SubType: Script
Discovery Date: 02/24/2005
Length: Varies
Minimum DAT: 4417 (12/29/2004)
Updated DAT: 5217 (01/28/2008)
Minimum Engine: 5.1.00
Description Added: 12/29/2004
Description Modified: 11/09/2005 10:30 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This is malware written in the Perl scripting language. When run, it connects to an Internet Relay Chat (IRC) server and joins a predetermined, password-protected channel as configured by the malicious user. Once connected, it may receive commands from a remote user.

Symptoms

  • Unexpected outgoing IRC connections, usually on TCP port 6667, although it may also be configured to use other ports determined by the malicious user.
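
Because the port is configurable, a port-6667 filter alone misses reconfigured bots. The following added example (not part of the original description, and not vendor code) flags outbound streams by IRC protocol content instead; the flow tuple layout, the `expected_irc_hosts` allowlist and the sample flows are assumptions constructed for illustration.

```python
import re

# Client-to-server IRC commands (RFC 1459/2812) seen at session start.
_CMD = re.compile(rb"^(?::\S+ +)?(NICK|USER|JOIN) +(.*)$", re.I)

def parse_irc_client(payload: bytes) -> dict:
    """Extract registration and channel-join details from client-side bytes."""
    seen = {"nick": None, "user": False, "joins": []}
    for raw in payload.split(b"\n"):
        m = _CMD.match(raw.rstrip(b"\r"))
        if not m:
            continue
        cmd, args = m.group(1).upper(), m.group(2).split()
        if cmd == b"NICK" and args:
            seen["nick"] = args[0].decode("latin-1")
        elif cmd == b"USER" and len(args) >= 4:
            seen["user"] = True
        elif cmd == b"JOIN" and args:
            # JOIN <chan>{,<chan>} [<key>{,<key>}]: keys pair with channels by position
            chans = args[0].split(b",")
            keys = args[1].split(b",") if len(args) > 1 else []
            for i, ch in enumerate(chans):
                seen["joins"].append((ch.decode("latin-1"), i < len(keys)))
    return seen

def triage(flows, expected_irc_hosts=frozenset()):
    """Return (src, dst, port, reasons) for outbound flows that speak IRC."""
    hits = []
    for src, dst, port, payload in flows:
        s = parse_irc_client(payload)
        # Require a full NICK+USER registration so a stray keyword is not a hit.
        if not (s["nick"] and s["user"]) or dst in expected_irc_hosts:
            continue
        reasons = ["irc-registration"]
        if port != 6667:
            reasons.append("non-default-port")
        if any(keyed for _, keyed in s["joins"]):
            reasons.append("keyed-channel-join")
        hits.append((src, dst, port, reasons))
    return hits

# Constructed sample: first client bytes of three outbound TCP streams.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 6667, b"NICK web01\r\nUSER a 8 * :a\r\nJOIN #ops s3cret\r\n"),
    ("10.0.0.7", "192.0.2.44", 8080, b"NICK x\r\nUSER x 0 * :x\r\nJOIN #a,#b k1\r\n"),
    ("10.0.0.9", "198.51.100.3", 8080, b"GET /user HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_FLOWS):
        print(hit)
```

On a server that has no business speaking IRC, any hit is worth correlating with the owning process, since this threat needs a Perl interpreter to run.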

Method of Infection

This Perl script is likely to be planted by a malicious user or worm after successful penetration. It connects to a predetermined IRC server and joins a channel, through which it could receive commands to perform the following tasks:

  • Execute system commands
  • Execute IRC bot functions
  • Distributed Denial of Service (DDoS) attack on other systems

This malware requires the availability of Perl scripting libraries in order to execute successfully.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
