Win32/IRCBot.NHR

By CagedTech in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 8
First Seen: December 3, 2014
Last Seen: November 27, 2021
OS(es) Affected: Windows

Win32/IRCBot.NHR is a threat that may be used for a wide variety of attacks, ranging from DDoS (Distributed Denial of Service) attacks to sending out spam email or distributing other threats. Win32/IRCBot.NHR is an example of a threat that may be installed after taking advantage of vulnerabilities in order to create a backdoor on a computer. After the backdoor is installed on the computer user's operating system, threats like Win32/IRCBot.NHR may be used to control the infected computer from a remote location or through automated attacks using the IRC (Internet Relay Chat) protocol. Using Win32/IRCBot.NHR, third parties may use the infected computer for a wide variety of activities. Some examples of why third parties would want to gain control over your computer include the following:

  • Third parties may use Win32/IRCBot.NHR to make a computer send out massive quantities of spam email messages.
  • Win32/IRCBot.NHR may be used to store data on infected computers. For example, instead of keeping compromising data (such as child pornography) on their own hard drives, third parties may stash it on victims' computers to conceal it from law enforcement.
  • Win32/IRCBot.NHR may be used to carry out DDoS attacks by overloading servers with requests from large numbers of infected computers.

Other activities in which Win32/IRCBot.NHR may be involved include threat distribution, Bitcoin mining and money laundering. Because of this, Win32/IRCBot.NHR is a high-level threat that should be dealt with right away with the help of a strong, fully updated anti-malware application and other security software.
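A bot that is controlled over IRC, as described above, has to register with an IRC server (NICK and USER, usually followed by JOIN) before it can receive commands, and that handshake is visible in outbound traffic. The following is an added example, not part of the original page, that flags flows whose first client lines form that handshake on any destination port; the flow records, addresses, nicknames and channel name are constructed sample data.

```python
import re

# One IRC message per RFC 1459: optional ":prefix ", a command word, then parameters.
IRC_MSG = re.compile(rb"^(?::\S+ +)?([A-Za-z]+)(?: +(.*))?$")
REGISTRATION = {"NICK", "USER"}   # both are required to register a client
HANDSHAKE_WINDOW = 5              # registration happens in the first few lines


def irc_commands(payload: bytes) -> list[tuple[str, str]]:
    """Return (COMMAND, params) for each line that parses as an IRC message."""
    out = []
    for line in payload.split(b"\n"):
        m = IRC_MSG.match(line.rstrip(b"\r"))
        if m:
            out.append((m.group(1).decode().upper(), (m.group(2) or b"").decode("latin-1")))
    return out


def classify(payload: bytes) -> dict:
    """Decide whether client-to-server bytes look like an IRC client session."""
    cmds = irc_commands(payload)
    early = {c for c, _ in cmds[:HANDSHAKE_WINDOW]}
    channels = [p.split()[0] for c, p in cmds if c == "JOIN" and p]
    return {"irc": REGISTRATION <= early, "channels": channels}


def flag_flows(flows: list[dict]) -> list[dict]:
    """Flag outbound flows that speak IRC, whatever the destination port."""
    hits = []
    for f in flows:
        verdict = classify(f["payload"])
        if verdict["irc"]:
            hits.append({k: f[k] for k in ("src", "dst", "dport")} | {"channels": verdict["channels"]})
    return hits


# Constructed sample flows (documentation address ranges, made-up nicks and channel).
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "192.0.2.10", "dport": 8080,
     "payload": b"NICK host-4821\r\nUSER host 0 * :host\r\nJOIN #chan-example\r\n"},
    {"src": "10.0.0.22", "dst": "198.51.100.7", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: x\r\n\r\n"},
    {"src": "10.0.0.23", "dst": "203.0.113.5", "dport": 6667,
     "payload": b"PASS secret\r\nNICK a\r\nUSER a 0 * :a\r\n"},
]

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print(hit)
```

Matching on the handshake rather than on port 6667 is a choice made for this example, so that IRC sessions on non-standard ports are also reported; legitimate IRC clients on the network will match too and need an allowlist.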

Win32/IRCBot.NHR may be Associated with a Threatening Windows Vulnerability

There is a vulnerability in the Windows operating system that has been present since Windows 95. This vulnerability was discovered in use on a Bulgarian website and has since received the name 'Unicorn'. This bug, correctly identified with the code CVE-2014-6332, is quite rare. It was first observed by a researcher in China, who used proof-of-concept code to demonstrate that the bug was there. The attack on the Bulgarian website is the first observed instance of Unicorn being used to carry out attacks.

The Unicorn bug has been around for 19 years and has been exploitable from a remote location for 18 of those years, since VBScript was introduced into Web browsers. This weakness is particularly worrying because it has remained in the Windows operating systems despite countless security measures and upgrades over the last two decades. Capitalizing on the Unicorn bug is not easy. Unfortunately, the availability of proof-of-concept code has meant that third parties have been able to take it and modify it for their own attacks. This may be a blessing in disguise, since it will force Microsoft to finally fix the Unicorn bug in their operating system.

Unicorn attacks use an exploit kit. There are a couple of payloads that may be associated with Unicorn, both of which install Win32/IRCBot.NHR. This threatening infection may be used for a high number of attacks. Unfortunately, PC security researchers believe that this may be only the first of a flood of attacks that may start to integrate this threatening vulnerability. New updates to exploit kits may add Unicorn to third parties' arsenals. Microsoft has released patches and updates that allow computer users to protect their computers from Win32/IRCBot.NHR and other attacks that leverage Unicorn. However, computer users need to update their software for these fixes to take effect, which in many cases does not happen in a timely manner.