Welcome to the Virus Encyclopedia of Panda Security.
It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself and download a copy of itself to the affected computer. Additionally, it reduces the computer security by modifying the configuration of the Windows Security Center and disables the Task Manager.
|First detected on:||Jan. 13, 2009|
|Detection updated on:||Jan. 20, 2009|
IRCBot.CIG is a worm which exploits a vulnerability in the Windows Server Service which allows remote code execution. It is the vulnerability MS08-067.
Additionally, it carries out several modifications in the Windows Registry with the following consequences, among others:
- It prevents the access to the Task Manager, which allows the user to view the processes that are being run.
- It reduces the computer security, as it disables the antivirus and firewall notifications from the Windows Security Center.
IRCBot.CIG spreads by exploiting the vulnerability MS08-067 and making copies of itself in the removable drives.
IRCBot.CIG is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.>>>