Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
IRC-Worm.Luck Viruses Information

Name: IRC-Worm.Luck
Category: Viruses
Description: Details
IRC-Worm.Lucky

This is a IRC worm that spreads through the IRC channel using mIRC and PIRCH clients for spreading. The worm appears on a computer as the LK7.EXE Windows program about 500K in length. When this file is executed by a user, the worm installs itself into the system, copies the LK7.EXE to the C:WINDOWS directory, then searches for mIRC and PIRCH clients in current, C:MIRC, C:MIRC32, C:PIRCH98 directories, and modifies IRC scripts there.
The worm also installs the ""Backdoor.NetBus" Trojan to the system. To do this, the worm keeps the Trojan's code in its body, extracts it from there, copies to the C:WINDOWS directory with IRCPATCH.EXE name, and executes it.
The worm contains the "copyright" text:
LUCKY B.R.D 1994-99 [LK-7]all
To spread through mIRC channel the worm creates the new script file LK7.INI and sets a reference to this file in the mIRC system script file MIRC.INI. The worm's script intercepts a set of events and uses them to spread its copy to channels and manifest itself:
on a new user joining infected channel, or on files transfer the worm sends its copy (the C:WINDOWSLK7.EXE file) to this user.
if the text "leave!!!" appears in channel, the worm sends to the channel the message "Your will is my command" and leaves the channel.
on "LUCKY !!" text the worm sends to the channel the message "I am a Lamer !!" and changes affected user's nick to "Lamer".
on "Die!!!" text the worm reacts with the "Be sure, I will commit suicide now .. RIP" message and leaves chat.
on "virus" and "virii" strings the virus sends to the channel the text I am infected with [LK-7]..By LUCKY B.R.D 1994-99.Win32 VIRUS".
and so on.
To spread its copy to mIRC channels, the worm also modifies the system registry keys that are responsible for mIRC events, and in some events, the worm also sends its copy to channels.
To spread to PIRCH, the worm creates the new script file EVENTS.INI that contains a command that sends a worm copy to all users that enter the infected channel.
Variants
There are several known variants of the original worm. They are crippled (infect only the mIRC client, for instance) and do not install backdoor files. They spread as files with the names:
"Lucky.b": CLICK-IT.EXE
"Lucky.c": APPOLO.EXE



Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits

Random Viruses Pages:
Mws.78
S
Boys.50
Muny famil
HMA_Boot.
Apo.210
DM.33
TestWor
Invisible.
I-Worm.Icecubes.


 

© 2006-2008 spyware32.com - Privacy Policy