
[Malware Review] Nasty Backdoor.IRCBot.ADEN is Back in Business

Loredana BOTEZATU

July 05, 2011


Although Backdoor.IRCBot was first detected a long time ago, in May 2003 to be precise, this e-threat keeps finding ways to reinvent itself and haunt people's systems all over again. Its latest variant was spotted in the wild only a few weeks ago, in 2011.

Backdoor.IRCBot.ADEN is a generic detection for a threat that spreads either via instant messaging clients such as Yahoo Messenger, Pidgin and Xchat, or through USB devices. Given that the overwhelming majority of PC users have at least one application for instant messaging with friends, family or co-workers, the infection vector is well covered. Since this is an IRC bot, it accepts a wide range of commands from its botmaster once it has successfully connected to its IRC channel.

Once on the system, it copies itself into the hidden Application Data folder, then adds itself to the Software\Microsoft\Windows\CurrentVersion\Run registry key so that it is launched at each Windows startup, and injects itself into all running processes.
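A quick triage of that persistence step, as an added example that is not part of the original post or of BitDefender's tooling: given the text output of a Run-key query, it extracts the program path from each value (quoted or not) and flags the ones launching from the hidden Application Data / AppData folders, which is where this bot drops its copy. The registry export, value names and paths are constructed for the example, and HKCU is an assumption: the post names the key path but not the hive.

```python
import re

# Constructed sample, shaped like the output of `reg query` on the Run key
# the post names (HKCU is assumed; the post does not say which hive).
# Value names and paths are made up for the example; the third and fourth
# entries launch from the hidden Application Data / AppData folder.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    YahooPager    REG_SZ    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    WinUpdate     REG_SZ    "C:\Documents and Settings\alice\Application Data\winupdate.exe"
    Updater       REG_SZ    C:\Users\bob\AppData\Roaming\Microsoft\update.exe /s
"""

# Per-user profile data folders, XP-era ("Application Data") and Vista+ ("AppData") naming.
APPDATA_RE = re.compile(r"\\(?:application data|appdata)\\", re.IGNORECASE)
# Program path at the start of a command: either quoted, or unquoted up to the
# first executable extension (unquoted paths may themselves contain spaces).
QUOTED_RE = re.compile(r'"([^"]+)"')
UNQUOTED_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|pif|vbs|js))(?=\s|$)",
                         re.IGNORECASE)


def executable_path(command):
    """Return the program path from a Run-key command string."""
    m = QUOTED_RE.match(command) or UNQUOTED_RE.match(command)
    if m:
        return m.group(1)
    return (command.split() or [command])[0]


def parse_run_key(reg_text):
    """Yield (value name, command) pairs from `reg query` style output."""
    for line in reg_text.splitlines():
        if "REG_SZ" not in line:
            continue
        name, _, command = line.partition("REG_SZ")
        yield name.strip(), command.strip()


def find_appdata_run_entries(reg_text):
    """Return [(value name, program path)] for Run entries whose program
    lives under the hidden Application Data / AppData folders."""
    flagged = []
    for name, command in parse_run_key(reg_text):
        path = executable_path(command)
        if APPDATA_RE.search(path):
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    for name, path in find_appdata_run_entries(SAMPLE_REG_QUERY):
        print(f"suspicious Run entry {name!r} -> {path}")
```

On a live Windows host the input would come from `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM counterpart); a hit is a lead, not a verdict, since some legitimate updaters also install themselves under AppData.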

The remote attacker can then launch a variety of tasks, including distributed denial of service attacks using the botnet of compromised systems, downloading further malware, and harvesting financial data, usernames and passwords, among other things.

To protect itself from detection and removal, Backdoor.IRCBot.ADEN attempts to block access to all the well-known AV vendors' sites and also restricts access to online scanning tools. It comes “equipped” with a list of words relevant to antimalware solutions, used to make sure that no cleaning tool keeps running or can be accessed in real time on the infected PC.
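One check a responder would run for that site-blocking behaviour, as an added example that is not part of the original post: audit the hosts file for vendor and online-scanner domains pinned to a loopback, unspecified or other address. The post does not say which mechanism this variant uses to block the sites, so the hosts file is an assumption (it is the usual one), and the watch list of domains is illustrative; the sample hosts file is constructed.

```python
import ipaddress

# Constructed hosts file: the Windows default entries, one legitimate
# internal mapping, and entries of the kind an AV-blocking bot adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.corp.example
127.0.0.1       www.bitdefender.com
0.0.0.0         www.virustotal.com      # online scanner
127.0.0.1       update.symantec.com liveupdate.symantec.com
10.0.0.5        www.kaspersky.com
"""

# Illustrative watch list (an assumption: the post does not name the sites
# this variant blocks). Any hosts-file entry for these domains or their
# subdomains is suspicious, since no legitimate software pins them there.
WATCHED_DOMAINS = {
    "bitdefender.com", "symantec.com", "kaspersky.com",
    "mcafee.com", "virustotal.com",
}


def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname is a watched domain or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def classify(ip_text):
    """Loopback/unspecified addresses simply sinkhole the site; anything
    else could be an attacker-controlled host serving a fake page."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    return "sinkholed" if addr.is_loopback or addr.is_unspecified else "redirected"


def find_hijacked_hosts(hosts_text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip, verdict)] for watched domains found in a hosts file."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip_text, *hostnames = line.split()
        for host in hostnames:
            if is_watched(host, watched):
                hits.append((host, ip_text, classify(ip_text)))
    return hits


if __name__ == "__main__":
    for host, ip, verdict in find_hijacked_hosts(SAMPLE_HOSTS):
        print(f"{verdict:10} {host} -> {ip}")
```

Feed it `%SystemRoot%\System32\drivers\etc\hosts` from the suspect machine; a "redirected" verdict deserves more attention than a "sinkholed" one, because the user may be landing on a page the attacker controls rather than on a connection error.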

In addition, it monitors the instant messaging applications installed on the PC, as well as any social network, file server, e-mail, e-banking or gaming accounts the user might have, in order to steal all the usernames and passwords typed in or stored on the “host” computer. PayPal, Steam, Facebook, Vkontakte, YouTube, Gmail and many more are on its watch list. For social networks it also has a special delivery: messages, tweets and wall posts sent without the user's consent.

This article is based on the technical information provided courtesy of Cristina Vatamanu, BitDefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
