[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Question

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Question
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 22 Oct 2005 09:34:23 +1300

Randall M wrote:

> We have been dealing with an IRC/Mirc invation being installed on our
> network. Looking for info on the possible ways it gets in to a network,
> spreads and what ports to block beside IRC. Only real info was found
> here:http://www.avira.com/en/threats/DR_IRCFlooder_3_details.html. I found
> a handful of posts where people have had it hit them. Anyone have other
> info on this. 

mIRC is used by all manner of "bad stuff", spread in all manner of 
ways.  If you know nothing more than that you have unexpected mIRC 
installs running on some machines then you really have not learnt 
enough about what you have to help us narrow the field much.

Sorry.

That said, such mIRC installs are always accompanied with one to 
several script files (conventionally with a .INI extension and in the 
same directory as the executable).  Snagging those and subjecting them 
to several different virus scanners should return some information 
about the likely malware family "your" mIRC installations belong to 
(unless you have something entirely new and novel...).

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Question
  - From: Randall M

Prev by Date: [Full-disclosure] Question
Next by Date: Re: [Full-disclosure] Question
Previous by thread: [Full-disclosure] Question
Next by thread: Re: [Full-disclosure] Question
Index(es):
- Date
- Thread