mailing list archives
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 22 Oct 2005 09:34:23 +1300
Randall M wrote:
We have been dealing with an IRC/Mirc invation being installed on our
network. Looking for info on the possible ways it gets in to a network,
spreads and what ports to block beside IRC. Only real info was found
here:http://www.avira.com/en/threats/DR_IRCFlooder_3_details.html. I found
a handful of posts where people have had it hit them. Anyone have other
info on this.
mIRC is used by all manner of "bad stuff", spread in all manner of
ways. If you know nothing more than that you have unexpected mIRC
installs running on some machines then you really have not learnt
enough about what you have to help us narrow the field much.
That said, such mIRC installs are always accompanied with one to
several script files (conventionally with a .INI extension and in the
same directory as the executable). Snagging those and subjecting them
to several different virus scanners should return some information
about the likely malware family "your" mIRC installations belong to
(unless you have something entirely new and novel...).
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Question Randall M (Oct 21)
- Re: Question Nick FitzGerald (Oct 21)
- Re: Question Rodrigo Barbosa (Oct 21)