Welcome to the Virus Encyclopedia of Panda Security.
Ircbot.ZN connects to an IRC server in order to receive remote control commands. It exploits the LSASS, RPC DCOM and UPnP vulnerabilities in order to spread to as many computers as possible.
| First detected on: | June 5, 2006 |
| Detection updated on: | June 6, 2006 |
|Yes, using TruPrevent Technologies
Ircbot.ZN is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download files, execute commands, list processes, etc.
Additionally, Ircbot.ZN installs its own FTP (File Transfer Protocol) server on the affected computer in order to spread to other systems.
Ircbot.ZN uses different means to spread:
- It makes copies of itself in the shared network resources it gains access to.
- It exploits the LSASS, RPC DCOM and UPnP vulnerabilities to spread across the Internet.
It is highly recommended to download the security patches for the LSASS, RPC DCOM and UPnP vulnerabilities from the Microsoft website.
Ircbot.ZN is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.