Hi :)
FYI:
CSIS Security has received reports of a new worm that spreads via Windows Live Messenger. They have analyzed the malicious code and recommend that users block several domains in their firewall / proxy / content filter to prevent computers in the network from becoming infected with this worm.
This is an SDbot variant. The code is not only able to spread among Windows Live Messenger users, but will also connect the infected machine to a botnet server, from which the machine can be remotely controlled and further spread the code through shares in a network.
The worm spreads primarily by sending messages to all Windows Live Messenger contacts found on the infected machine. The message is short and easily recognizable (space inserted by CSIS):
"haha http://james panetta.com / image.php? = [recipient email address] "
If the user clicks on this link in Windows Live Messenger, the file "pic0012-jpeg www imageupload.com" will be offered, which is obviously malicious and is not to be activated.
Research: tdconline.dk: http://sikkerhed.tdconline.dk/publish.php?id=19885
Translated into English by Stealthzone
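
Added example, not part of the original post or of CSIS's analysis: a small Python check that flags the lure shape described above (a link to `image.php` whose query carries an e-mail address, and an offered file with an image-like name but an executable extension) in proxy log lines. The log format, host names and function names are assumptions made for illustration, and the file name is read with dots where the post shows spaces.

```python
import re
from urllib.parse import urlsplit, unquote

# Lure shape from the advisory: .../image.php?=<recipient e-mail address>
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Offered file poses as a picture but ends in an executable extension.
EXEC_EXT = {".com", ".exe", ".scr", ".pif"}
IMAGE_HINT = re.compile(r"jpe?g|gif|png|bmp", re.I)

def is_lure_url(url):
    """True if the URL targets image.php and its query contains an e-mail address."""
    parts = urlsplit(url)
    on_image_php = parts.path.lower().endswith("/image.php")
    return on_image_php and bool(EMAIL.search(unquote(parts.query)))

def is_disguised_download(filename):
    """True if the name hints at an image but the final extension is executable."""
    stem, dot, ext = filename.lower().rpartition(".")
    return bool(dot) and "." + ext in EXEC_EXT and bool(IMAGE_HINT.search(stem))

def scan(lines):
    """Return (client, reason) pairs for suspicious lines.

    Assumed log format (hypothetical): "<client> <url> <offered-filename-or-dash>".
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        client, url, filename = fields
        if is_lure_url(url):
            hits.append((client, "lure-url"))
        if filename != "-" and is_disguised_download(filename):
            hits.append((client, "disguised-download"))
    return hits

# Constructed sample lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    "10.0.0.12 http://lure.example/image.php?=alice@example.org pic0012-jpeg.www.imageupload.com",
    "10.0.0.15 http://photos.example/image.php?id=42 holiday.jpg",
    "10.0.0.20 http://intranet.example/index.html -",
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```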