This is an IRC worm that spreads via IRC channels. The worm itself is a Win32 application about 70Kb in size. It has two main routines: infection and game, both of which are activated upon infected-program running. The first one infects a computer so that it will spread the worm copies further to IRC
To spread itself, the worm looks for an mIRC client in four directories:
If one is found, the worm creates additional files:
The “C:backup.vbs” is then registered in the auto-run registry key as:
As a result, it is run each time the system starts up, and then copies files:
The “script.ini” file is a short mIRC program that sends C:tetris.exe file to everybody who enters infected channel.
|Find out the statistics of the threats spreading in your region|