TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
BKDR_IRCBOT.RB
Overview
Solution

Malware type: Backdoor

Aliases: Trojan.Win32.Agent.ebb (Kaspersky), Generic.dx (McAfee), Trojan Horse (Symantec), TR/Agent.ebb (Avira), Worm:Win32/Pakabot.A (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

BKDR_IRCBOT.RB Behavior Diagram

Malware Overview

This backdoor program may be dropped by other malware or downloaded from remote sites.

It connects to IRC servers to join IRC channels. It executes the certain commands from a remote malicious user, effectively compromising the affected system.

It accesses certain URLs to download malicious files detected as TROJ_DLOADER.BQK and TROJ_DLOADER.CSZ.

This backdoor also displays the following image upon execution:

BKDR_IRCBOT-RB

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 22, 2008 3:05:39 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.