| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <435A079E.4519.A57EB06@gmail.com> Date: Fri Oct 21 21:34:35 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Question Randall M wrote: > We have been dealing with an IRC/Mirc invation being installed on our > network. Looking for info on the possible ways it gets in to a network, > spreads and what ports to block beside IRC. Only real info was found > here:http://www.avira.com/en/threats/DR_IRCFlooder_3_details.html. I found > a handful of posts where people have had it hit them. Anyone have other > info on this. mIRC is used by all manner of "bad stuff", spread in all manner of ways. If you know nothing more than that you have unexpected mIRC installs running on some machines then you really have not learnt enough about what you have to help us narrow the field much. Sorry. That said, such mIRC installs are always accompanied with one to several script files (conventionally with a .INI extension and in the same directory as the executable). Snagging those and subjecting them to several different virus scanners should return some information about the likely malware family "your" mIRC installations belong to (unless you have something entirely new and novel...). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3267092
Powered by blists - more mailing lists