Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
8 entries found.
Win32/Pushbot
Win32/Pushbot is detection for a family of malware that spreads via MSN Messenger, Yahoo Messenger and AIM when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.
Alert level:
severe
Backdoor:Win32/Sdbot.ZC
Backdoor:Win32/Sdbot.ZC is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. These commands can instruct the Trojan to perform a number of different actions, including downloading and installing additional components and spreading to other computers via MSN Messenger.
Alert level:
severe
Backdoor:Win32/Rbot!D195
Backdoor:Win32/Rbot!D195 is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets. Backdoor:Win32/Rbot!D195 may arrive
Alert level:
severe
Backdoor:Win32/IRCbot.OV
Backdoor:Win32/IRCBot.OV is a Windows Messenger worm with backdoor Trojan functionality. The worm sends message to random Messenger contacts with a link to a remote Web site hosting a copy of the worm. If IRCBot.BA is run, it connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.
Alert level:
severe
Virus:Win32/Zbot.A
Windows Defender Antivirus detects and removes this threat.
This is a detection for files that have been modified to connect to a certain IP address and download other malware.
The Win32/Zbot family description has more information.
Alert level:
severe
Worm:Win32/Pushbot
Worm:Win32/Pushbot is detection for a family of malware that spreads via MSN Messenger and AIM when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.
Alert level:
severe
TrojanDropper:Win32/Pushbot
Alert level:
severe
TrojanDownloader:Win32/Pushbot
Alert level:
severe