Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
XTC worm utilises IRC

By Robert Vamosi, 0
December 12, 2000
URL: http://www.zdnet.com.au/news/security/soa/XTC-worm-utilises-IRC/0,130061744,120107573,00.htm


A new worm has a Trojan horse backdoor that could be used to launch a denial of service attack from infected machines.

XTC is a new Internet worm that can connect to one of the IRC channels to download components that might make it useful in a distributed denial of service attack. XTC arrives as an e-mail, requires users to open the .EXE attached file, and is capable of sending e-mail copies of itself from addresses found on an infected computer. This virus ranks as a four on the ZDNet virus meter.

How It Works

The worm arrives as an e-mail with the following details: From: support@avx.com
Subject: AVX update notification
Body:
Hi, We would like to notify you about the newest software designed by SOFTWIN company. This program constantly monitors the net for the newest viral treats and anti-virus databases. In the case some new virus is in-the-wild, it will immediatelly ask you to download the newest version of AntiVirus eXpert 2000 (AVX). It's small, it's efficent, it's secure and powerful. No special licence is needed, it's freeware. We hope you enjoy AntiVirus eXpert and share it with your friends. Best regards, AVX developement team.

By clicking on the attached file, a user installs the XTC worm. The worm is capable of doing the following:

  • sending mass e-mails

  • changing the default page on Internet Explorer

  • spreading via open shares on a local network

  • connect to an IRC channel


    • Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
    ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.