Home > Threat descriptions >

Riskware:W32/mIRC

Classification

Category:  Riskware

Type:  Riskware

Platform:  W32

Aliases:  Client-irc.win32.mirc

Summary


Useful, legitimate software which could possibly be misused for malicious purposes.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Riskware:W32/mIRC is an Internet Relay Chat (IRC) client that can be silently subverted by malware to become a backdoor. By itself, the program is not malicious.

Activity

Malware such asBackdoor:W32/Zapchast and its variants can use malicious configuration files to turn the mIRC-client into a backdoor. The malicious configuration files are detected as Backdoor.IRC.Zapchast.

In addition to subverting the mIRC client, these files will also contain the name of an IRC channel which the mIRC-client will automatically try to join on each startup.

Sometimes, Zapchast variants will use additional batch files which provide added functionality, such as performing registry changes to create a launchpoint for the backdoor. These auxiliary batch files are detected as Trojan.BAT.Zapchast.

Description Created: 2009-08-25 05:21:32.0

Description Last Modified: 2010-03-26 08:35:47.0