Signature Detail

Short Name	WORM:FIZZER:IRC-CHAN-1
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	WORM
Keywords	fizzer irc
Release Date	2003/05/16
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

WORM: Fizzer IRC BackDoor Infection (1)

This signature detects connection attempts to one of the 124 IRC channels hard-coded into the Fizzer worm. If detected, this is a likely sign of a Fizzer worm infection. An attacker can use the IRC client, built into Fizzer, to remotely control infected machines.

Extended Description

Fizzer is a worm that infects Windows operating systems, spreads by e-mail, records keystrokes, attempts to update itself, creates IRC bots, and may act as a primitive backdoor. It can act as a web server to receive certain commands from controlling servers or attackers.

References

URL: http://www.f-secure.com/v-descs/fizzer.shtml
URL: http://www.viruslist.com/eng/viruslist.html?id=60431
URL: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

WORM: Fizzer IRC BackDoor Infection (1)

Extended Description

References