Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server in order to receive remote commands. It spreads exploiting the LSASS vulnerability, across network shares, and through shared, mapped and removable drives.
|First detected on:||May 8, 2009|
|Detection updated on:||May 19, 2009|
IRCBot.CNK is a worm which connects to an IRC server in order to receive the following remote commands, among others:
- Monitor the network traffic.
- Download files, which can be of any nature, including malware.
- Update itself.
IRCBot.CNK uses the following means to spread:
- exploiting the LSASS vulnerability (MS04-011).
- across network shares protected with weak passwords.
- through shared, mapped and removable drives, making copies of itself in them.
IRCBot.CNK is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.>