New Yahoo! Messenger Worm Makes the Rounds, Hits Skype Too
Article by George Norman
On 10 May 2010
A few days ago we were reporting that a worm is spreading via Yahoo! Messenger. The user would receive an instant message that contained a link to what seemed to be a photo. When the user clicked the link he was directed to a webpage – and on that webpage he would be asked to download what seemed to be an image, but was in fact an executable. That executable was a very dangerous worm that created folders in the Windows foldery, modified registry keys, disabled the operating system’s firewall, and could potentially allow someone with malicious intent to take over the compromised machine.

BitDefender says it is a variant of the Palevo worm. Symantec detects the worm as W32.Yimfoca. Security firm Bkis detects the worm as W32.Ymfocard.fam.Botnet.

Advertising

According to Bkis there is now a newer and more sophisticated version of this worm making the rounds online. The worm targets Yahoo! Messenger users as usual. The news is that it also targets Skype users. The worm is detected by Bkis as W32.Skyhoo.Worm

Just like before, the worm sends messages to Yahoo! Messenger and Skype users; these messages contain malicious links to what seems to be an image (it is not!). To fool the user into thinking the message is genuine, the text that accompanies the link is changed.

“Each time spreading, the messages sent by the Worm have different contents, for example, “Does my new hair style look good? bad? perfect?“, “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?“… The users are more easily tricked into clicking the link by these messages, because users tend to think that “their friend(s)” are asking for advices. Moreover, the URL shows a .JPG file to users, reinforcing the users’ thought of an image file,” explained Bkis.

If a Skype or Yahoo! Messenger user clicks the link, he is sent to a site that resembles RapidShare. He will then be asked to download a .zip file that supposedly contains an image. The archive in fact contains an executable file – a worm.

Bkis explains what the worm does once it makes its way onto a user’s computer:
  • Automatically exits if the victim’s computer is not installed with Skype or Yahoo! Messenger.
  • Automatically sends messages with different contents containing malicious URLs to user names in Skype/Yahoo! Messenger friend list of the user
  • Automatically injects malicious link in to Word, Excel files or email that being composed.
  • Connects to IRC server to receive commands from hacker
  • Blocks operations of antivirus software
  • Anti virtual machine and sandbox
  • Uses rootkit technique to hide its files and processes
  • Prevents users from accessing more than 700 websites of security or antivirus
  • Automatically copies itself along with file Autorun.inf into USB drives to spread

The warning issued by Thyaga Vasudevan, Product Manager on the Yahoo! Messenger team, stands: do not click suspicious links and do not download executable files sent via Yahoo! Messenger.



Tags: Yahoo! Messenger, Skype, Worm, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 18 Jul 2017
Sure, text remains the main method of communicating with others when using a messenger application like Skype, but if you really want to get the message across, using an emoticon, emoji or sticker can’t hurt.
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 17 Jul 2017
If you want top notch protection for your Windows computer, you can’t go wrong by getting something developed by the internationally renowned security company Kaspersky Lab. The problem is that…
By George Norman on 31 Jul 2017
Are people taking better care of their passwords, or have their password habits changed for the worse? To get an answer to that question, data loss prevention software company Digital Guardian surveyed a thousand people about their password security habits and found that...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
New Yahoo! Messenger Worm Makes the Rounds, Hits Skype Too
HTML Linking Code