New Yahoo! Messenger Worm Makes the Rounds, Hits Skype Too
Article by George Norman
On 10 May 2010
A few days ago we reported that a worm was spreading via Yahoo! Messenger. The user would receive an instant message that contained a link to what seemed to be a photo. When the user clicked the link he was directed to a webpage, and on that webpage he would be asked to download what seemed to be an image, but was in fact an executable. That executable was a very dangerous worm that created folders in the Windows folder, modified registry keys, disabled the operating system’s firewall, and could potentially allow someone with malicious intent to take over the compromised machine.

BitDefender says it is a variant of the Palevo worm. Symantec detects the worm as W32.Yimfoca. Security firm Bkis detects the worm as W32.Ymfocard.fam.Botnet.


According to Bkis, there is now a newer and more sophisticated version of this worm making the rounds online. The worm targets Yahoo! Messenger users as usual. What is new is that it also targets Skype users. The worm is detected by Bkis as W32.Skyhoo.Worm.

Just like before, the worm sends messages to Yahoo! Messenger and Skype users; these messages contain malicious links to what seems to be an image (it is not!). To fool the user into thinking the message is genuine, the text that accompanies the link is changed.

“Each time spreading, the messages sent by the Worm have different contents, for example, “Does my new hair style look good? bad? perfect?“, “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?“… The users are more easily tricked into clicking the link by these messages, because users tend to think that “their friend(s)” are asking for advices. Moreover, the URL shows a .JPG file to users, reinforcing the users’ thought of an image file,” explained Bkis.

If a Skype or Yahoo! Messenger user clicks the link, he is sent to a site that resembles RapidShare. He will then be asked to download a .zip file that supposedly contains an image. The archive in fact contains an executable file – a worm.

Bkis explains what the worm does once it makes its way onto a user’s computer:
  • Automatically exits if the victim’s computer is not installed with Skype or Yahoo! Messenger.
  • Automatically sends messages with different contents containing malicious URLs to user names in Skype/Yahoo! Messenger friend list of the user
  • Automatically injects malicious link into Word, Excel files or email that is being composed.
  • Connects to IRC server to receive commands from hacker
  • Blocks operations of antivirus software
  • Anti virtual machine and sandbox
  • Uses rootkit technique to hide its files and processes
  • Prevents users from accessing more than 700 websites of security or antivirus
  • Automatically copies itself along with file Autorun.inf into USB drives to spread

The warning issued by Thyaga Vasudevan, Product Manager on the Yahoo! Messenger team, stands: do not click suspicious links and do not download executable files sent via Yahoo! Messenger.

Tags: Yahoo! Messenger, Skype, Worm, Security
About the author: George Norman
George is a news editor.