Yahoo! Tackles Worm Problem, Issues Warning to Users

Article by George Norman (Cybersecurity Editor)

on 06 May 2010

Yahoo! Messenger users may have noticed that a rather annoying spam campaign has targeted the popular instant messaging application. You would just go about your day, when someone in your contacts list would send you a message – the message was a link to what appeared to be a photo. If you were to click the link, you would be directed to a website – and on that website you would be prompted to download a file that seemed like a JPG file.

It wasn’t much of a trick. The file’s name included the letters JPG, but the actual extension was not JPG; it was .EXE. A wary user would have noticed that they were being asked to download not a JPEG file but an executable file. An executable file that could be anything – a virus, a Trojan, anything.

As it turns out, the executable was a worm, a variant of Palevo. Furthermore, it turns out that some users did not pay attention to what they were asked to download. Quite a few downloaded the worm, which, upon compromising their computers, started spamming Yahoo! Messenger users in their contact list.

Razvan Livintz, on behalf of BitDefender, explains what happens once the worm compromises the user’s computer: “Having an unprotected system infected with Palevo.DP is a synonym for mayhem. First and foremost, the worm creates several hidden files in the Windows folder and modifies some registry keys to point towards these files in order [to] annihilate the OS' firewall. As its siblings, Palevo.DP holds a backdoor component, which allows remote attackers to seize control over the compromised computer and do whatever they want with it – from installing additional malware and swiping files to launching spam campaigns and malware offensive on other systems.”

Thyaga Vasudevan, Product Manager on the Yahoo! Messenger team, announced that Yahoo! detected this issue and worked to resolve the situation. Vasudevan also gave Yahoo! Messenger users some common sense advice: do not click on suspicious links you receive, do not download executable files, and use a genuine, up-to-date antivirus application to protect your system.

“We recommend that any Yahoo! Messenger user who receives a suspicious IM containing a link should first IM the friend to ensure the message is legitimate before moving forward. We strongly advise users to not download executable (.exe) files that are sent through Yahoo! Messenger. Also, we recommend that users that have anti-virus software on their computer employ the latest anti-virus updates,” commented Vasudevan.

In related news, Adobe has recently announced that a spam campaign is making the rounds online, using its name to trick users.

