Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
28 entries found.
Displaying page 1
of 2.
Win32/IRCbot
Microsoft security software detects and removes this family of threats.
This family of backdoor trojans can download and install other malware on your PC. They can also give a malicious hacker access and control of your PC.
Alert level:
high
Exploit:Win32/MS06040.gen
Exploit:Win32/MS06040.gen is a generic detection for malicious software that attempts to exploit a vulnerability in Windows Server Service that can allow the execution of arbitrary code. The vulnerability is referenced in Microsoft Security Bulletin MS06-040 and Microsoft Knowledge Base article KB921883.
Alert level:
severe
Worm:Win32/Neeris.gen!C
Worm:Win32/Neeris.gen!C is the generic detection for a member of the Win32/Neeris family of worms. These worms spread via MSN Messenger and may contain backdoor functionalities. New variants of this worm may exploit a vulnerability in the Windows Server Service (srvsvc) in PCs that have not yet applied Microsoft Security Bulletin MS08-067.
Alert level:
severe
Worm:Win32/Neeris.AU
Worm:Win32/Neeris.AU is the detection for an IRC backdoor that spreads by copying itself into removable drives and by exploiting the vulnerability discussed in Microsoft Security Bulletin MS08-067. It connects to a remote IRC server to receive commands from a remote attacker.
Alert level:
severe
Worm:Win32/Autorun.MB
Worm:Win32/Autorun.MB is a worm that copies itself to mapped drives and allows remote access from an attacker. The worm can spread to other computers by exploiting a vulnerability that is present in computers that have not applied Microsoft Security Bulletin MS02-045, a security update first published in 2002.
Alert level:
severe
Worm:Win32/Slenping.X
Worm:Win32/Slenping.X is a detection for a worm that spreads to other computers by copying itself to mapped and removable drives and via Instant chat applications MSN Messenger and AOL Messenger.
Alert level:
severe
Backdoor:Win32/Momibot
Backdoor:Win32/Momibot is a backdoor trojan that connects to remote servers to perform various actions on the infected computer.
Alert level:
severe
Backdoor:Win32/Sdbot.ZA
Backdoor:Win32/Sdbot.ZA is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. This malware can also spread via network shares with weak passwords, and by exploiting a known vulnerability in the RPCSS Service (addressed in Microsoft Security Bulletin MS03-039).
Alert level:
severe
Worm:Win32/Slenfbot.JS
Worm:Win32/Slenfbot.JS is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Backdoor:Win32/Rbot.gen
Backdoor:Win32/Rbot.gen is a generic detection for a family of backdoor trojans that allows attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Alert level:
severe
Worm:Win32/Flibot.gen!A
Worm:Win32/Flibot.gen!A is a backdoor trojan that allows an attacker remote access to download arbitrary files.
Alert level:
severe
Worm:Win32/Neeris.AN
Worm:Win32/Neeris.AN is a worm that spreads by removable drives and by attempting to exploit a number of particular vulnerabilities. The worm also contains backdoor functionality that allows unauthorized access and control of the affected computer.
Alert level:
severe
Trojan:Win32/Ramnit.A
Windows Defender Antivirus detects and removes this threat.
This threat can give a malicious hacker access to your PC.
It can be installed when you visit a hacked or malicious web page.
See the Win32/Ramnit family description for more information on this type of threat.
Alert level:
severe
Backdoor:Win32/IRCbot.gen!Z
Backdoor:Win32/IRCbot.gen!Z is a backdoor trojan that connects to an Internet Relay Chat (IRC) server and provides attackers with unauthorized access and control of your computer. It is a member of the Backdoor:Win32/IRCbot family of backdoor trojans.
Alert level:
severe
Worm:Win32/Synigh.A
Worm:Win32/Synigh.A is a worm that spreads to other computers across a network. It also has a backdoor component that is capable of connecting to an IRC server and executing commands from a remote attacker.
Alert level:
severe
Backdoor:Win32/IRCbot
Backdoor:Win32/IRCbot is a Trojan that connects to an Internet Relay Chat (IRC) server and provides attackers with remote access to the infected system. Commands that can be remotely executed include downloading and executing files. Backdoor:Win32/IRCbot also includes the ability to send itself to MSN Messenger contacts.
Alert level:
severe
Backdoor:Win32/IRCbot.BH
Backdoor:Win32/IRCbot.BH is a generic detection for a backdoor trojan that connects to an IRC server to receive commands from an attacker. This trojan contains code that exploits vulnerable Windows computers that have not applied Security Bulletin MS08-067.
Alert level:
severe
Backdoor:Win32/Rbot
Backdoor:Win32/Rbot is a family of backdoor Trojans that allows attackers to control infected computers. After a computer is infected, the Trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the Trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The Trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Alert level:
severe
Trojan:Win32/IRCbot
Alert level:
severe
Backdoor:Win32/IRCbot.gen!V
Backdoor:Win32/IRCbot.gen!V is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Alert level:
severe