IRCbot.CPH

Posted: January 5, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	2/10
Infected PCs:	4

First Seen:	January 5, 2012
OS(es) Affected:	Windows

IRCbot.CPH is a virus that propagates through mass-mailed e-mail (AKA spam). Although IRCbot.CPH was first identified by many types of PC security companies in mid-2009, IRCbot.CPH is capable of infecting most versions of Windows and remains a credible threat to your computer if you're exposed to IRCbot.CPH. SpywareRemove.com malware researchers note that symptoms of IRCbot.CPH's actions may be minor, since IRCbot.CPH attempts to conceal itself, up to and including the deletion of its original file and infection of innocent Windows processes. However, IRCbot.CPH can be detected and deleted by competent anti-malware scanners without trouble. Laxness in doing this promptly can allow IRCbot.CPH to open a backdoor on your PC that remote criminals can exploit to force your computer to undergo self-destructive or illegal actions – including DDoS attacks or installation of information-stealing spyware.

IRCbot.CPH: Slinking into Your Computer and Closing the Entrance on Its Way In

As a virus, IRCbot.CPH is capable of inserting its code into completely-normal processes such as svchost.exe or explorer.exe. This makes detection of IRCbot.CPH difficult, although you may be able to notice IRCbot.CPH due to unusual resource usage (such as RAM or CPU) from certain processes in Task Manager. After IRCbot.CPH successfully-infects a process, IRCbot.CPH will delete the original file that contained its code, thus minimizing all traces of its presence on your PC.

Due to IRCbot.CPH's stealthy nature, SpywareRemove.com malware researchers note that avoiding an IRCbot.CPH infection is easier than detecting one. IRCbot.CPH is distributed as a file attachment in mass-mailed e-mail messages; although this file attachment may appear to be harmless, downloading and running actually will install IRCbot.CPH. Since IRCbot.CPH distributes itself by harvesting contact information from programs like Outlook and MSN Messenger, an IRCbot.CPH-contaminated e-mail message may even appear to be sent by somebody you know. If you do have IRCbot.CPH on your PC, you should compensate for this by notifying your friends to prevent IRCbot.CPH from being installed on other computers.

Why IRCbot.CPH Wants Into Windows

IRCbot.CPH uses IRC-based backdoors to allow criminals to have remote access to your PC. This can be exploited to install other PC threats, steal information, alter your security settings or force your PC to undertake harmful actions like Distributed-Denial-of-Service attacks. In most cases, symptoms of these attacks will be minor, and you should use anti-malware products to find IRCbot.CPH or related PC threats. Quick removal of IRCbot.CPH by appropriate software should fail to harm the IRCbot.CPH-infected file or Windows itself, although a long delay simply allows greater opportunity for additional damage to occur due to other PC threats or intervention by IRCbot.CPH's hacker partners.

IRCbot.CPH is only capable of attacking Windows, but IRCbot.CPH can infect most versions of Windows, despite being designed for 32-bit platforms. Anti-malware scanners may also detect IRCbot.CPH by its alias, W32/IRCbot.CPH.

IRCbot.CPH

Threat Metric

IRCbot.CPH: Slinking into Your Computer and Closing the Entrance on Its Way In

Why IRCbot.CPH Wants Into Windows

Leave a Reply