Backdoor:IRC/Zcrew.gen
First posted on 05 March 2013.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:IRC/Zcrew.gen.
Explanation:
Installation
Backdoor:IRC/Zcrew.gen is installed by other malware. It is present as an IRC script file in the same folder as the affected IRC chat application (for example, mIRC).
In the wild, we have observed Backdoor:IRC/Zcrew.gen being dropped and installed by the following malware:
- Backdoor:Win32/Bifrose
- Backdoor:Win32/IRCbot
- Backdoor:Win32/IRCbot.gen!V
- Backdoor:Win32/IRCFlood
- Backdoor:Win32/Kirsun.A
- Backdoor:Win32/Poison.BQ
- Backdoor:Win32/Rbot
- Backdoor:Win32/Sdbot
- Trojan:Win32/Flood.L
- Trojan:Win32/Zapchast
- Worm:Win32/DuiskBot.gen
- Worm:Win32/Momma.A
- Worm:Win32/Neeris.gen!C
Payload
Allows backdoor access and control
Backdoor:IRC/Zcrew.gen allows unauthorized access and control of your computer. An attacker can use this backdoor to perform a range of actions on an affected computer. These could include, but are not limited to, the following:
- Stealing information about your computer (such as the version of Windows installed on your computer, the name of the network you use, etc.)
- Scanning for computers that have vulnerable remote administration software
- Sending information it steals to a remote attacker (as a radmin.txt file, for example)
Analysis by Mihai Calota
Last update 05 March 2013