|
|
IRC-Worm.Rade Viruses Information
| Name: |
IRC-Worm.Rade |
| Category: |
Viruses |
| Description:
|
Details
IRC-Worm.Radex
This is a virus-worm that spreads via IRC channels. The worm itself is a batch-script file about 3 Kb in length.
The worm copies itself to the following batch files:
C:Windowswinstart.bat
C:WindowsLINUX_SH_DOS_BAT_WIN_JS.bat
C:Win95LINUX_SH_DOS_BAT_WIN_JS.bat
C:Win98LINUX_SH_DOS_BAT_WIN_JS.bat
C:WinMELINUX_SH_DOS_BAT_WIN_JS.bat
The batch file drops and executes the JS file LINUX_SH_DOS_BAT_WIN_JS.JS. This JS file displays a dialogue window with the following Title/Subject:
Radix16/SMF
SH-BAT-JS
After this, the worm creates and sends the new e-mail message to the following address:
Radix16@atlas.cz
The infected messages contain the following:
Subject: SHBATJS
Body: crazzy bat :) testing MS OTLOOK in the (WORLD)
Attach: LINUX_SH_DOS_BAT_WIN_JS.bat
The virus-worm also creates the file C:MIRCSCRIPT.INI. This INI file sends the batch file to the IRC channels.
Installing
While installing, the worm copies its JS component to the Windows directory with the name C:WINDOWSLINUX_SH_DOS_BAT_WIN_JS.JS, and registers this file in the WIN.INI run section.
The worm also contains the following text strings:
# /bin/sh
-=LINUX START=-
-=DOS/WIN START=-
ONLY SAMPLE (TEST) LINUX SH DOS BAT WIN JS all........
WoRlD iS mY |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Trojan.Java.Binny.
Macro.Word.Ca
Win32.Idele.210
Oropa
Pcflu.80
Macro.Word.Stealp
USSR.41
Spy.108
CGA.102
Hafen.78
|
|
