Zapchast Strikes Via FTP
Gone are the days when spammers could infect computer by simply attaching an .exe file claiming to be something in the line of greeting card, funny game or the like. With settings keeping a more or less sharp lookout for this kind of things, the next wave of attacks comes via FTP.
March 7, 2008
The email comes attachment-clean, but it does feature a link towards towards the malware: not via HTTP but via FTP.
In today's case, the mail is a fake Hallmark greeting card meant to take the victim to a FTP site where a Zapchast mIRC-bot variant is just waiting to be downloaded and installed.
Zapchas is a backdoor trojan that installs an Internet Relay Chat (IRC) client on the infected machine without the user's knowledge. Furthermore, it also installs IRC scripts and configuration files that allow the infected machine to be used as a zombie. The infected machine connects to certain IRC channels specified in the configuration files and is subject to commands issued by the attacker.