New Yahoo! Messenger worm spotted
Posted on 04.05.2010
You've have all probably been already told a hundreds of times to be careful when clicking on links in unsolicited emails and messages. But, what you also need to know and hear repeatedly is that you need to be careful even when following links found in messages from your friends.

Case in point: the Yahoo! Messenger worm that has recently been detected by Symantec.

Unsuspecting users have been receiving instant messages from people on their contact list that look like this:


The link is subject to change, but if the user follows it, he will be prompted to save the following file:


As the most alert users will notice, the real extension is not .jpg but .exe. As you might have guessed, the link leads to the worm executable, and if the user runs it once it's saved, it will copy itself, add itself to the Windows Firewall List, stop the Windows Updates service and modify the registry in order to make itself run every time the computer boots.

It propagates itself by searching for the user's Yahoo! Messenger and sending the same messages that started the infection in the first place to all the people in the contact list. To avoid bringing attention to itself, the first time that the executable is run, this page will open itself in the user's browser.

So far, there is no indication that the worm is doing anything else besides what has been mentioned before, but with things like this you can never know for sure that it won't also be used to download and execute other malicious files. The fact that it stops the Windows updating process is indication enough that this worm is up to no good.

Once again - if you receive messages like these, it is better to check with your contacts whether they have actually sent the link.






Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //