Signature Detail

Short Name	WORM:FIZZER:IRC-CHAN-2
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	WORM
Keywords	fizzer irc
Release Date	2003/05/16
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

WORM: Fizzer IRC BackDoor Infection (2)

This signature detects attempts to connect to one of the 124 IRC channels hard-coded into the Fizzer worm. If detected, this is a likely sign of a Fizzer worm infection. An attacker can use the IRC client built into Fizzer to control infected machines remotely.

Extended Description

Fizzer is a worm that infects Windows operating systems, spreads by e-mail, records keystrokes, attempts to update itself, creates IRC bots, and may act as a primitive backdoor. It can act as a web server to receive certain commands from controlling servers or attackers.

References

URL: http://www.f-secure.com/v-descs/fizzer.shtml
URL: http://www.sarc.com/avcenter/venc/data/w32.hllw.fizzer@mm.html
URL: http://www.pspl.com/virus_info/worms/fizzer.htm

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

WORM: Fizzer IRC BackDoor Infection (2)

Extended Description

References