Results 1 to 3 of 3

Thread: Complex IM Worm Infects Yahoo! Messenger and Skype Users

  1. #1
    Senior Member Cile's Avatar
    Join Date
    Nov 2009
    Location
    Australia
    Posts
    5,071
    Thanks
    666
    Thanked 2,304 Times in 1,226 Posts
    Blog Entries
    9

    Complex IM Worm Infects Yahoo! Messenger and Skype Users

    Security researchers warn that a new worm is targeting instant messaging users. Spotted on Yahoo! Messenger (YM) and Skype, the attacks use sophisticated social engineering techniques to trick users into infecting themselves.

    It certainly looks like IM worms are making a comeback on the threat landscape, as this is the second malware of this kind to emerge in under a week. Just this Monday, the online community was abuzz with news of a worm rapidly spreading through Yahoo! Messenger. The threat was so serious that BitDefender saw fit to release a standalone removal tool.


    Security researchers from Vietnamese antivirus vendor Bkis are again amongst the first to report on the new attacks, which, this time, have extended beyond YM and affect Skype too. "Still using the method of inserting malicious URLs into chat windows like [their alias for the worm discovered earlier this week], however, social engineering skill of the Worm, this time, is much more sophisticated than the previous one," they warn.

    The messages used to lure potential victims are more enticing and variate with each attack. "Does my new hair style look good? bad? Perfect? " or "My printer is about to be thrown through a window if this pic won't come our right. You see anything wrong with it?" are just two examples. Also, the spammed image URLs end in actual .JPG and point to a RapidShare lookalike website called tinyfilehost.com.

    Hitting the download button on the page prompts the download of an archive file called NewPhoto024.JPG.zip. Inside the archive, there is a .COM MS-DOS executable file deceptively called NewPhoto024.JPG_www.tinyfilehost.com, which installs a variant of a backdoor named Tofsee, Flot or Skyhoo, depending on antivirus vendor.

    Bkis points out that while Skyhoo installs an IRC botnet client, just as Ymfocard, the new worm is much more complex. For one, it is able to block antivirus software from functioning properly and uses a rootkit component to hide itself. Moreover, it also adds malicious links to any Word and Excel document opened on the computer or any email composed in Outlook. It also infects removable USB drives and creates an autorun.inf file to execute itself.

    YM and Skype users are advised to exercise increased caution when choosing to open links received from their friends and, as always, connect to the Internet with a capable and up-to-date antivirus product installed. At the time of writing this article, only 13 out of 41 AV engines on VirusTotal detect the .COM file as being infected.

    Source:
    Complex IM Worm Infects Yahoo! Messenger and Skype Users - Employs advanced social engineering - Softpedia


    Complex-IM-Worm-Infects-Yahoo-Messenger-and-Skype-Users-3.jpg


    i remember the msn one that used to open everybody on your list when you sign in lol....

  2. #2
    Senior Member
    Join Date
    Sep 2009
    Posts
    4,784
    Thanks
    787
    Thanked 1,791 Times in 1,262 Posts
    Blog Entries
    5
    Whew. Good thing I'm not 16 years old... lol.

  3. #3
    New Member
    Join Date
    Dec 2009
    Posts
    110
    Thanks
    9
    Thanked 19 Times in 6 Posts
    Confusing people with .com extensions. Now THAT is clever.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •