W32/Ircbot.TT and W32/Ircbot.TU exploiting the MS06-40 vulnerability

14 August 2006

New variants of the W32/Ircbot family of viruses (W32/Ircbot.TT and W32/Ircbot.TU) were detected earlier today. These new viruses are backdoor Trojan horses that connect to a remote IRC server and wait for commands from a remote attacker.

They were proactively detected as "Possibly a new variant of W32/Threat-HLLIM-based!Maximus", and F-Prot Antivirus users were therefore never at risk of being infected.

These new viruses exploit a remote code execution vulnerability in the Microsoft Windows Server service (MS06-40) that could allow an attacker to take complete control of the affected system. This vulnerability was reported in the Microsoft Security Bulletins for August 2006.

These viruses modify several security settings on the affected computer, connect to a remote IRC server and listen there for commands from a remote hacker. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
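The two behaviours the advisory describes, an outbound IRC connection that waits for commands and exploitation of the Server service vulnerability (which is reached over the SMB ports, 139 and 445), both leave traces in network logs. The following is an added example, not code from the original advisory or from F-Prot, of how a defender can sweep firewall or proxy logs for them: it flags hosts that send IRC client commands (NICK, USER, JOIN) to any destination, and hosts that contact many distinct SMB targets within a short window, which is what a machine spreading the exploit looks like. The log format, the sample records, the threshold of 10 targets per 60 seconds and the host addresses are all constructed assumptions for the example; the IRC command list is the standard client registration sequence from the IRC protocol. Matching on the payload rather than on port 6667 is a deliberate design choice, since a bot can be pointed at an IRC server on any port.

```python
"""Detection sweep over constructed firewall/proxy log lines for the two
behaviours in the advisory: outbound IRC command-and-control and SMB
fan-out consistent with a worm probing the Windows Server service.
Example code; the line format below is an assumption, not any real
product's log format."""
from collections import defaultdict
from datetime import datetime
import re

# Standard IRC client commands; a bot registering with its server sends
# NICK and USER first, then JOINs a channel to wait for commands.
IRC_CMD = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG)\b")
# Assumed log line shape: <iso timestamp> src=<ip> dst=<ip> dport=<n> payload="<first bytes>"
LINE = re.compile(r'^(\S+) src=(\S+) dst=(\S+) dport=(\d+) payload="(.*)"$')
SMB_PORTS = {139, 445}            # where the Server service is reachable
FANOUT_THRESHOLD = 10             # distinct SMB targets per source ...
WINDOW = 60                       # ... within this many seconds

# Constructed sample log: host 10.0.0.5 sweeps twelve neighbours on 445 in
# eleven seconds and then registers with an IRC server; host 10.0.0.20 is
# an ordinary workstation browsing the web and opening one file share.
_SWEEP = "\n".join(
    f'2006-08-14T09:58:{2 + i:02d} src=10.0.0.5 dst=10.0.0.{10 + i} dport=445 payload=""'
    for i in range(12)
)
SAMPLE_LOG = _SWEEP + "\n" + """\
2006-08-14T09:58:20 src=10.0.0.5 dst=203.0.113.9 dport=6667 payload="NICK [USA|00|12345]"
2006-08-14T09:58:20 src=10.0.0.5 dst=203.0.113.9 dport=6667 payload="USER xyz 0 0 :xyz"
2006-08-14T09:58:21 src=10.0.0.5 dst=203.0.113.9 dport=6667 payload="JOIN #chan"
2006-08-14T10:01:00 src=10.0.0.20 dst=192.0.2.40 dport=80 payload="GET / HTTP/1.1"
2006-08-14T10:01:03 src=10.0.0.20 dst=192.0.2.40 dport=80 payload="POST /login HTTP/1.1"
2006-08-14T10:01:05 src=10.0.0.20 dst=10.0.0.9 dport=445 payload=""
"""


def parse(log_text):
    """Parse log lines into records; malformed lines are skipped, not fatal."""
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, dport, payload = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "dport": int(dport), "payload": payload})
    return records


def irc_c2_hosts(records):
    """Sources that speak the IRC client protocol, keyed on payload so a
    server on a non-standard port is still caught."""
    hits = defaultdict(set)
    for r in records:
        if IRC_CMD.match(r["payload"]):
            hits[r["src"]].add(f'{r["dst"]}:{r["dport"]}')
    return {src: sorted(dsts) for src, dsts in hits.items()}


def smb_fanout_hosts(records):
    """Sources that reach >= FANOUT_THRESHOLD distinct SMB targets inside any
    WINDOW-second sliding window; the value is the largest count seen."""
    by_src = defaultdict(list)
    for r in records:
        if r["dport"] in SMB_PORTS:
            by_src[r["src"]].append((r["ts"], r["dst"]))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best, start = 0, 0
        for end, (t_end, _) in enumerate(events):
            while (t_end - events[start][0]).total_seconds() > WINDOW:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= FANOUT_THRESHOLD:
            flagged[src] = best
    return flagged


def analyze(log_text):
    """Run both detections and return the findings together."""
    records = parse(log_text)
    return {"irc_c2": irc_c2_hosts(records), "smb_fanout": smb_fanout_hosts(records)}


if __name__ == "__main__":
    for kind, hosts in analyze(SAMPLE_LOG).items():
        print(kind, hosts)
```

A host that appears in both findings, as 10.0.0.5 does here, is the strongest signal: it is both spreading over SMB and checking in to a controller, which is exactly the sequence the advisory describes. A single 445 connection from a workstation to a file server, as 10.0.0.20 makes, never crosses the fan-out threshold and is not reported.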

For more detailed technical information and removal instructions for these viruses, see

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect these threats as W32/Ircbot.TT and W32/Ircbot.TU using virus signature files dated 14 August 2006 or later.

They are proactively detected using virus signature files before that date as "Possibly a new variant of W32/Threat-HLLIM-based!Maximus".

Commtouch® is a leading developer of anti-virus software and anti-spam filtering services. Commtouch's anti-virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

2014 © CYREN