Tandem-type IRC Bots

Our automated malware analysis system, Lavasoft MAS, recently revealed an interesting incident. A system was infected by three IRC bots at the same time: Nrgbot, Blazebot and Rbot. Analysis of Rbot showed that at least two C&C servers existed from which all three bots could receive commands at the same time.

Each bot can periodically download updated modifications in response to commands issued via IRC. This makes the compromised system difficult to disinfect. Detection rates for the latest modification of Rbot are shown below.

We uncovered an interesting collection of IRC bots created by attackers.

The Nrgbot builder and source code, as well as the Rbot source code, have become public and are returned as the first results in Google searches, which gives attackers a wide range of possibilities on the affected system.
