MIRC Trojan-Related Attack Detection and Repair

UPDATE: As of September 6, 2002, reports of malicious activity that follow the particular pattern that is outlined in this article have lessened significantly. The Microsoft Product Support Services Security Team has modified this Microsoft Knowledge Base article to reflect this information and to refine suggestions for detection and repair criteria.

Microsoft has investigated an increase in malicious activity that tries to load code on Microsoft Windows 2000-based servers. This activity is typically associated with a program that has been identified as Backdoor.IRC.Flood.

By analyzing computers that have been compromised, Microsoft has determined that these attacks do not appear to exploit any new product-related security vulnerabilities and do not appear to be viral or worm-like in nature. Instead, the attacks seek to take advantage of situations where standard precautions have not been taken as detailed in the “Prevention” section of this article. The activity appears to be associated with a coordinated series of individual attempts to compromise Windows 2000-based servers. As a result, successful compromises leave a distinctive pattern.

Click here for more.