This post was last edited by 绅博周幸 on 2011-9-11 17:36
ubuntu2011 posted on 2011-9-11 17:31
Windows Defender raised an alert; requesting an analysis of its behavior
Very obviously a Backdoor.IRC.Bot
Backdoor.IRC.Bot is a generic detection for Trojan horses that open a back door on the compromised computer and connect to Internet Relay Chat (IRC) channels to launch distributed denial of service (DDoS) attacks.
Background information
A Backdoor.IRC.Bot is a type of Trojan horse that opens a back door on the compromised computer using Internet Relay Chat (IRC) channels, allowing a remote attacker to perform various functions. In particular, this type of Trojan - also known as a 'bot' as it allows the attacker to gain control of the compromised computer - creates a type of network of computers, called a botnet, to launch distributed denial of service (DDoS) attacks at a specific target.
A malicious author creates the Trojan and distributes it using a variety of methods, such as placing it on peer-to-peer websites or spamming it as an email attachment. (It's worth remembering that Trojans do not self-replicate, hence the malicious author needs to utilize other vehicles for it to spread.) Once the threat has compromised a computer, it joins a predetermined IRC channel and awaits instructions from the malicious author. As this process is completed almost, if not completely, silently - for example, the Trojan may have been bundled with a video file and while that video plays normally, the Trojan is installed in the background - the user is unaware that his or her computer has been compromised and that a back door is now open.
Once the malicious author has compromised multiple computers and built the botnet - there have been cases of botnets containing tens of thousands of computers - the author will issue commands for the botnet to perform a DDoS attack. A denial of service is as the name suggests, whereby the target server is overwhelmed by numerous simultaneous connection requests, therefore denying access to any new connections.
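The behavior quoted above (a compromised host joining a predetermined IRC channel and waiting for instructions) leaves a recognizable trace on the wire. As an added example that is not part of the original post, the following Python scans outbound flow payloads for IRC registration plus a channel join; the flow record layout, addresses, nicknames and channel names are constructed sample data.

```python
import re

# Client-side IRC commands (RFC 1459) that make up registration and a channel join.
IRC_LINE = re.compile(rb"^(?::\S+ )?(NICK|USER|JOIN) +(\S+)", re.I)
USUAL_IRC_PORTS = set(range(6660, 6670)) | {6697}

def find_irc_joins(flows):
    """Return a finding for each outbound flow that registers with an
    IRC server (NICK + USER) and joins at least one channel."""
    findings = []
    for flow in flows:
        seen, channels = set(), []
        for raw in flow["payload"].split(b"\n"):
            m = IRC_LINE.match(raw.strip())
            if not m:
                continue
            cmd = m.group(1).upper().decode()
            arg = m.group(2).decode(errors="replace")
            seen.add(cmd)
            if cmd == "JOIN":  # JOIN takes a comma-separated channel list
                channels += [c for c in arg.split(",") if c.startswith(("#", "&"))]
        if {"NICK", "USER"} <= seen and channels:
            findings.append({
                "host": flow["src"],
                "server": f'{flow["dst"]}:{flow["dport"]}',
                "channels": channels,
                # IRC on a port outside the usual range deserves a closer look
                "unusual_port": flow["dport"] not in USUAL_IRC_PORTS,
            })
    return findings

# Constructed sample flows (documentation addresses, invented nicknames).
SAMPLE_FLOWS = [
    {"src": "10.0.0.23", "dst": "203.0.113.5", "dport": 8080,
     "payload": b"NICK xk3921\r\nUSER xk3921 0 * :xk\r\nJOIN #cmd secretkey\r\n"},
    {"src": "10.0.0.40", "dst": "198.51.100.7", "dport": 80,
     "payload": b"GET /join HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.51", "dst": "192.0.2.9", "dport": 6667,
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #ubuntu\r\n"},
]

if __name__ == "__main__":
    for finding in find_irc_joins(SAMPLE_FLOWS):
        print(finding)
```

A finding is a lead for triage, not a verdict: people also run IRC clients legitimately, so the next step is to identify which process on the host owns the connection.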