New Messenger Worm In The Wild

Started by Frands, January 08, 2009, 10:14:20 AM


Frands

Hi  :)

FYI:


CSIS security has received reports of a new worm that spreads via Windows Live Messenger. They have analyzed the malicious code and recommend that users block several domains in their Firewall / Proxy / Content Filter to prevent computers in the network from becoming infected with this worm.

This is an SDbot variant. The code is not only able to spread among Windows Live Messenger users, but will also connect the infected machine to a botnet server, from which the machine can be remotely controlled and further spread the code through shares in a network.

The worm spreads primarily by sending messages to all Windows Live Messenger contacts found on the infected machine. The message is short and easily recognizable (space inserted by CSIS):

     "haha http://james panetta.com / image.php? = [recipient email address] "

If the user clicks on this link in Windows Live Messenger, the file "pic0012-jpeg www imageupload.com" will be offered, which obviously is malicious and is not to be activated.

Research: tdconline.dk : http://sikkerhed.tdconline.dk/publish.php?id=19885
Translated into English by Stealthzone
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/
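
A detection sketch for the lure format quoted in the post above (a short message whose link carries the recipient's e-mail address in the query string). This is an added example, not part of the original post or the CSIS analysis; it generalizes from `image.php` to any path, and the host names, addresses and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def email_in_query(url):
    """Return the e-mail address carried in the URL's query string, or None."""
    query = urlsplit(url).query
    # keep_blank_values=True so both '?=addr' (empty name, as in the quoted
    # lure) and '?addr' (no '=' at all) yield a pair we can inspect.
    # parse_qsl also percent-decodes, so 'user%40host' is matched too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for part in (value, name):
            part = part.strip()
            if EMAIL_RE.fullmatch(part):
                return part.lower()
    return None

def find_lures(lines):
    """Scan chat or proxy log lines; return (line number, host, address) hits."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for match in URL_RE.finditer(line):
            # Drop sentence punctuation that may trail a URL in chat text.
            url = match.group(0).rstrip(".,;)")
            addr = email_in_query(url)
            if addr:
                hits.append((lineno, urlsplit(url).hostname, addr))
    return hits

# Constructed sample input: two chat messages and two proxy-style log lines.
SAMPLE = [
    "haha http://lure.example/image.php?=alice@example.org",
    "look http://photos.example/view.php?id=42",
    "10.0.0.5 GET http://lure.example/image.php?=bob%40example.org 200",
    "mail me at carol@example.org",
]

if __name__ == "__main__":
    for lineno, host, addr in find_lures(SAMPLE):
        print(f"line {lineno}: link to {host} carries address {addr}")
```

Hosts that appear in several hits with different addresses are candidates for the Firewall / Proxy / Content Filter block list the post recommends.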