This activity indicates traffic activity from an IRC client application. These applications are used for real-time conversations over the internet.
This signature can detect a user nickname change. Often, the change occurs soon after joining a channel.
IRC communication frequently is used by the creators of malicious software like trojans, bots, and other malware. Once the software is installed on the unsuspecting victim's system, it joins a chatroom, alerting the writer of its ip address and the successful system compromise. The writer can then issue commands to the malware.
If company policy includes information against installing or using IRC, and an IRC event is logged, it may be advisable to analyze the source system of the message for possible compromise. |