Apparently the latest backdoor infection Backdoor.IRCBot.Dorkbot.A spreads either via online messaging (MSN etc..) or USB devices. Its spreading is medium, and his danger as well. It was discovered on May 15th past year, additional to its size: ~118Kb...
Symptoms: Extra http traffic;
Presence of a hidden file in folder. The name of the file is random.
Presence of “HKEY_CURRENT_USER\Software\\Microsoft\\Windows\\CurrentVersion\\Run\file name” value.
Once executed, it copies itself - The copy is hidden and the name is random..
That's all I can get.. The rest in the source.. I understood ZERO. I'm so ashamed i'm in a community where most people know the other things.
Edited by Kurt14, 10 July 2012 - 01:56 PM.