Home / malware IRC-Worm.Randon.I
First posted on 21 November 2011.
Source: BitDefenderAliases :
IRC-Worm.Randon.I is also known as N/A.
Explanation :
This worm spreads through IRC and is in fact a collection of backdoors, trojans, ddos programs and exploits, all packed in one executable file. The worm arrives as an exe file, through Mirc. Once this file is executed, the aforementioned registry key and files are created, and EXPL32.EXE (or LSASS.EXE for newer version) is run, thus giving the attacker complete control over the infected computer. It can download and install newer versions of itself from an internet address, files GT.EXE or GT2.EXE using its downloader component.
Last update 21 November 2011