So, a new method had to be put to test is order to provide email users with the so much (not) needed dose of malware, F-secure reports: drive-by-downloads.
The email comes attachment-clean, but it does feature a link towards towards the malware: not via HTTP but via FTP.
In today’s case, the mail is a fake Hallmark greeting card meant to take the victim to a FTP site where a Zapchast mIRC-bot variant is just waiting to be downloaded and installed.
Zapchas is a backdoor trojan that installs an Internet Relay Chat (IRC) client on the infected machine without the user’s knowledge. Furthermore, it also installs IRC scripts and configuration files that allow the infected machine to be used as a zombie. The infected machine connects to certain IRC channels specified in the configuration files and is subject to commands issued by the attacker.