Riskware:W32/mIRC

Classification

Riskware

Riskware

W32

Client-irc.win32.mirc

Summary

Useful, legitimate software which could possibly be misused for malicious purposes.

Removal

Automatic action

Based on the settings of your F-Secure security product, it may block the file from running, move it to the quarantine where it cannot spread or cause harm, or ask you to select an action.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Riskware:W32/mIRC is an Internet Relay Chat (IRC) client that can be silently subverted by malware to become a backdoor. By itself, the program is not malicious.

Activity

Malware such asBackdoor:W32/Zapchast and its variants can use malicious configuration files to turn the mIRC-client into a backdoor. The malicious configuration files are detected as Backdoor.IRC.Zapchast.

In addition to subverting the mIRC client, these files will also contain the name of an IRC channel which the mIRC-client will automatically try to join on each startup.

Sometimes, Zapchast variants will use additional batch files which provide added functionality, such as performing registry changes to create a launchpoint for the backdoor. These auxiliary batch files are detected as Trojan.BAT.Zapchast.

Date Created: 2009-08-25 05:21:32.0

Date Last Modified: 2010-03-26 08:35:47.0