Client Login
 Quick Contact
New worms spread through Yahoo Messenger
Category : General 08 May 2010 02:46 AM | Industry News
A new and particularly virulent worm weaseled its way into the Yahoo Messenger community this week, infecting an unknown number of users after tricking them into clicking on link masquerading as "foto" or "fotos" from someone in their contact list.
The worm gets copied to the %WinDir%\infocard.exe file and gets added in the Windows Firewall list. It blocks the operation of the Windows Update service and also sets a registry value for itself so that it is activated every time the system is booted up.
A worm identified as W32.Yimfoca is reported to be spreading through Yahoo Messenger right now. The worm throws up a link to an image from a contact in your Yahoo Messenger. The worm works by tricking people into downloading “what they perceive” as a picture from a Yahoo IM contact, however it is in reality a malware that installs a backdoor on Windows systems and spreads to a victim’s IM contacts.
At this point, the worm then sends out links to the worm to everyone on the user's contact list and begins to download and execute other malicious files.
Internet security firm Symantec said that its anti-virus programs detect the malicious file as W32.Yimfoca. Security firms BitDefender and Bkis have also obtained information on the worm with BitDefender warning on its blog that the worm may be able to intercept passwords and access sensitive data.
"The nature of this attack is nothing new, because some worms already used this way of attack," BKIS researchers blogged. "However, it is always potentially dangerous to [unaware] users. Bad guys have integrated some phishing elements to trick [the] user into clicking the link and then opening the downloaded file."
TAGS : Malware, IM, Worm.