Troj Splitters
A Trojan has been reported to flood computers via mIRC by which a Denial of Service (DOS) attack could be performed. This Trojan displays no window, and allegedly runs only in the background.
Trend Micro reported that once the user runs mIRC, the Trojan acts as a server giving the client the capability to use the host computer to perform a DoS (Denial of Service) flood attack.
The Trojan does this by connecting the user through hebron.in.us.dal.net server to private IRC channels #splitters123 and #master-splitters using the following nick:
{Computer Name appended with {User Name}. (i.e. if the Computer Name is "PC" and User Name is "test", the nickname is "PC-test"),
That nick (i.e. PC-test) has the capability to DCC send and to send/reply to messages as :
"Sorry, I Am Busy Now! Try Later!", "Sorry my real sponsor is calling me now!!!", "Waiting for your orders - My Master", and "Bye, my Friend" just like an ordinary user.
The client inside the private channels then controls that server to execute the functions of the Trojan, which is primarily to flood a computer. It can also be inferred from the code that the Trojan has the capability to eject and close the CD-ROM and to control the mouse of an infected computer. The Trojan was compiled using MS Visual Basic 6.0 and it works both for Dial-Up and LAN (Local Area Network).