https://mannuforall.blogspot.com/
mannuforall


A New Worm Targeting Yahoo! Messenger Users

Be alert if you're a Yahoo! Messenger (YM) user: a new worm is quickly spreading on Yahoo! Messenger via Web links to fake images. Users who fall victim to this threat have an IRC botnet client installed on their computers. According to security researchers from Vietnam-based antivirus vendor Bkis, who analyzed the new worm, it spreads through YM spam.

According to the researchers, the malware sends out malicious links of the form http://[rogue_domain_name]/image.php to the entire contact list of any user logged into YM on an infected computer. Visiting the spammed websites results in a download prompt for an executable file deceptively called IMG87654.JPG-www.myspace.com.exe (the number after IMG can differ). Another social engineering trick used in this attack is that the file is displayed with the default image icon.

[Image: Yahoo! Messenger spam spreading the new Ymfocard worm.]

Once executed on the system, the worm installer drops a file called infocard.exe in the Windows directory and writes startup registry keys for it under [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] and [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run].

Three other files called mdt.sys, mds.sys and winbrd.jpg are created alongside infocard.exe, and a new value is added to [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] in order to create an exception in the default Windows firewall.
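The registry artifacts listed above can be checked offline when triaging a suspect machine. The following Python scan is an added example, not part of the original article or the Bkis analysis: it reads a text registry export (.reg format) and reports string values under those four keys that mention the dropped file names. The value name "ConstructedName", the "ExampleUpdater" entry and the whole sample export are constructed for illustration.

```python
import re

RUN = r"software\microsoft\windows\currentversion\run"
WATCHED_KEYS = {  # the four keys named in the article, lower-cased
    "hklm\\" + RUN: "autorun",
    "hkcu\\" + RUN: "autorun",
    r"hklm\software\microsoft\windows nt\currentversion\terminal server"
    r"\install" + "\\" + RUN: "autorun",
    r"hklm\system\controlset001\services\sharedaccess\parameters"
    r"\firewallpolicy\standardprofile\authorizedapplications\list": "firewall-exception",
}
INDICATOR_FILES = ("infocard.exe", "mdt.sys", "mds.sys", "winbrd.jpg")
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="data"

def normalise_key(key):
    # Map the long hive names used in exports to the short form, lower-case all.
    hive, _, rest = key.partition("\\")
    return (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()

def scan_reg_export(text):
    """Return (kind, key, value name, value data, matched file) tuples."""
    findings, key, kind = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            kind = WATCHED_KEYS.get(normalise_key(key))
            continue
        m = VALUE_RE.match(line)
        if kind and m:  # a string value inside one of the watched keys
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            haystack = (name + "\n" + data).lower()
            hit = next((n for n in INDICATOR_FILES if n in haystack), None)
            if hit:
                findings.append((kind, key, name, data, hit))
    return findings

# Constructed sample export; "ConstructedName" is a placeholder value name.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"ConstructedName"="C:\\WINDOWS\\infocard.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConstructedName"="C:\\WINDOWS\\infocard.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\infocard.exe"="C:\\WINDOWS\\infocard.exe:*:Enabled:ConstructedName"
'''
if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE_EXPORT), sep="\n")
```

Exports saved by regedit are usually UTF-16, so decode the file before passing its text to scan_reg_export. The scan matches only the ControlSet001 firewall key the article names; an export taken from another control set needs that key added to WATCHED_KEYS.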

[Image: Malicious worm installer displayed with default image icon.]

An automated ThreatExpert analysis of the worm performed earlier today reveals that its payload involves connecting to IRC and joining a botnet. On first run, the worm points the browser to http://browseusers.myspace.com/Browse/Browse.aspx, which appears to be a legitimate MySpace resource.

"The nature of this attack is nothing new, because some worms already used this way of attack. However, it is always potentially dangerous to unaware users […] Yahoo! Messenger users should raise their awareness when receiving unknown links, even from their friends, and regularly update the latest version of their AV programs to protect their computers," advises Bkis, whose BKAV antivirus product detects this threat as W32.Ymfocard.fam.Botnet. Another alias for it appears to be Mal/Rimecud-D, according to Sophos.
