|
|
|
VIRUS NAME
: IRC/Gleep
Virus
Characteristics
This is an
Internet worm that attempts to send itself to others using mIRC and KaZaa. When
this virus is activated on a host system, IRC/Gleep will modify the MIRC.INI
file of with instructions to load a newly created SCRIPT.INI.
The SCRIPT.INI file contains instructions to connect to the IRC network using
an IRC server named irc.megatokyo.com, and join a channel named "mtartanddrawing".
This message is sent to the channel:
Gleep is a Biznatch and w3r3z tha
b33f
A message is sent to a mIRC user (possibly the author) with this note:
gleep.bug--
Next, the SCRIPT.INI instructs mIRC to join the channel "akufansubs"
and send a note to others suggesting trading pics. An attempt is made to then
send a file "C:\My_Self_picture.zip" to other users. Due to bugs in
the code, this file is never created.
The script screens for the string "pic" and if this string is identified,
the infected system will attempt to send the file "C:\My_Self_picture.jpg.exe".
Due to bugs in the code, this file is never created.
IRC/Gleep will also attempt to delete the following files from the infected
host:
- cdplayer.exe
- defrag.exe
- edit.com
- notepad.exe
- pbrush.exe
- welcome.exe
- winfile.exe
Symptoms
Content of SCRIPT.INI
has references to IRC/Gleep.
Missing key files.
Joining specific channels
automatically when starting mIRC.
Method
Of Infection
This IRC worm will immediately modify the host configuration files in an effort
to spread further.
|
|
|
