Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

MultipleIssues.png This page has multiple issues. These issues most likely include issues with references and manual of style violations. Please help Malware Wiki by correcting these issues.

Most of this page uses content from Wikipedia. The original article was at Backdoor.Win32.IRCBot. The page may have contained some inaccurate or outdated information, so please rewrote some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
PlatformMicrosoft Windows
This box: view  talk  edit

Backdoor.Win32.IRCBot is a backdoor computer worm that spreads through MSN Messenger and Windows Live Messenger. Once installed on a PC the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup. In addition, it attempts to send itself to all of the user's MSN contacts via and attachment named 'photos.zip'. Executing this file will install the worm onto the local PC. The Win32.IRCBot worm provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel. This allows for confidential information to be transmitted to a hacker. Because of a lack of standard naming conventions and also because of common features, variants of Win32.IRCBot can often be confused with the Agobot and Spybot family of worms. For example Sophos lists Backdoor.Win32.IRCBot.ul, W32/Poebot-JT worm, and Win32/IRCBot.TS as aliases of the W32/Gaobot.worm.gen.e worm, a member of the Agobot family.[3]


  • W32/Checkout(McAfee)
  • W32.Mubla(Symantec)
  • W32/IRCBot-WB(Sophos)
  • Backdoor.Win32.IRCBot.aaq(Kapersky)