Symantec added a variant of the mIRC Trojan to its virus definitions on 2/13/2003, and the worm/Trojan was based on the older mIRC Trojan (ocxdll.exe/taskmngr.exe). The original analysis is at http://www.klcconsulting.net/mirc_virus_analysis.htm

I saw more port 445 activity than usual on incidents.org around 2/8-2/9, and again over the last few days, so I cross-checked the Symantec site and found the mIRC worm/Trojan variant, Backdoor.IRC.Zcrew. This variant used port 445 like the older ocxdll.exe Trojan.

As I did some more research, I noticed that TrendMicro analyzed this variant back on 12/3/2002, so I guess it was not new, but just re-spreading.

I am curious how many people have seen this activity. If you have a copy of this virus, can you contact me? I am interested in analyzing this worm/Trojan file(s).

Symantec - http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html

TrendMicro - http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FLOOD.BI.DR

Thanks,
/Kyle

Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
617-921-5410
klaiat_private
www.klcconsulting.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 13:55:19 PST