[Malware Review] Nasty Backdoor.IRCBot.ADEN is Back in Business
Although Backdoor.IRCBot was first detected a long time ago, in May 2003 to be precise, this e-threat always finds a way to reinvent itself and haunt people's systems all over again. Its latest variant was spotted in the wild only a few weeks ago, in 2011.
Backdoor.IRCBot.ADEN is a generic detection for a threat that spreads either via Instant Messaging clients such as Yahoo Messenger, Pidgin and Xchat, or through USB devices. Given that a crushing majority of PC users have at least one application that lets them communicate instantly with friends, family or co-workers, the infection vector is well covered. Since we're talking about an IRC bot, it's easy to figure out that it accepts a wide range of commands from its botmaster once it has successfully connected to an IRC channel.
Once on the system, it copies itself into the hidden <application data> folder; it then adds itself to `Software\Microsoft\Windows\CurrentVersion\Run` while injecting itself into all running processes, this way making sure that it is initialized at each Windows startup.
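As an added defender-side check, not part of the original article, the following PowerShell script lists the Run-key entries named above and flags any whose target executable lives under the user's Application Data folder or is marked hidden; the key paths are the standard Windows ones, while treating %APPDATA% and %LOCALAPPDATA% as the suspicious roots is an assumption made for this example.

```powershell
# Added example (not from the article): audit Run-key persistence entries and
# flag those whose target sits under the user's Application Data folder or is
# a hidden file, the pattern described for Backdoor.IRCBot.ADEN.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: these roots are where a self-copying bot would typically land.
$suspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-TargetPath([string]$Command) {
    # Take a leading quoted path, or else the first token, then expand %VARS%.
    if ($Command -match '^\s*"([^"]+)"') { $p = $Matches[1] }
    else { $p = ($Command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($p)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata
        $target = Get-TargetPath ([string]$prop.Value)
        $inAppData = $suspiciousRoots | Where-Object { $target -like "$_\*" }
        $hidden = $false
        if (Test-Path -LiteralPath $target) {
            $attrs = (Get-Item -LiteralPath $target -Force).Attributes
            $hidden = $attrs.HasFlag([IO.FileAttributes]::Hidden)
        }
        $flag = if ($inAppData -or $hidden) { 'SUSPECT' } else { 'ok' }
        '{0,-8} {1}\{2} -> {3}' -f $flag, $key, $prop.Name, $target
    }
}
```

Entries marked SUSPECT are worth checking against known software before removal, since some legitimate updaters also start from the user profile.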
The remote attacker can initiate a variety of tasks, among them distributed denial of service attacks launched from the botnet of compromised systems, further malware downloads, and the collection of financial data, usernames and passwords.
In order to protect itself from detection and removal, Backdoor.IRCBot.ADEN attempts to block access to all the well-known AV vendors' sites and it also restricts access to online scanning tools. It comes "equipped" with a list of words relevant to antimalware solutions in order to make sure that no cleaning tool remains running or can be accessed in real time on the infected PC.
Plus, it monitors the instant messaging applications installed on the PC, along with any social network, file server, e-mail, e-banking or gaming accounts the user might have, in order to steal all the usernames and passwords typed in or stored on the "host" computer. PayPal, Steam, Facebook, Vkontakte, YouTube, Gmail and many more are monitored by this threat. As for social networks, it also has a special delivery: messages, tweets and wall posts sent without the users' consent.
This article is based on the technical information provided courtesy of Cristina Vatamanu, BitDefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.