Windows 7 Forums


Windows 7: Yahoo! Messenger Users Targeted by New Worm.

04 May 2010   #1

Win 7 Ultimate 64-bit. SP1.
Yahoo! Messenger Users Targeted by New Worm.

A new worm is quickly spreading on Yahoo! Messenger (YM) via Web links to fake images. Users who fall victim to this threat have an IRC botnet client installed on their computers.

According to security researchers from Vietnam-based antivirus vendor Bkis, who analyzed the new worm, it spreads through YM spam. The malware sends out malicious links of the form http://[rogue_domain_name]/image.php to the entire contact list of any user logged into YM on an infected computer.

Visiting the spammed websites results in a download prompt for an executable file deceptively called (the number after IMG can differ). A different social engineering trick used in this attack is the default image icon being displayed for file.

Once executed on a system, the worm installer drops a file called infocard.exe in the Windows directory and writes startup registry keys for it under [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] and [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]. Three other files called mdt.sys, mds.sys and winbrd.jpg are created alongside infocard.exe and a new value is added to [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] in order to create an exception in the default Windows firewall.
Source -
Yahoo! Messenger Users Targeted by New Worm - Infected computers join an IRC botnet - Softpedia
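
The persistence and firewall indicators listed in the post, turned into an offline triage check; this is an added example, not part of the original post or the Softpedia article. It scans the text of a registry export for the three Run keys and the firewall exception list, and checks a Windows-directory listing for the dropped file names. The sample export, its value names, and the assumption that the Windows directory is `<drive>:\Windows` are constructed for illustration.

```python
import re

# Key paths and file names come from the article; SAMPLE below is constructed.
RUN = r"\software\microsoft\windows\currentversion\run"
RUN_KEYS = {
    "hkey_local_machine" + RUN,
    "hkey_current_user" + RUN,
    r"hkey_local_machine\software\microsoft\windows nt\currentversion"
    r"\terminal server\install" + RUN,
}
FIREWALL_KEY = (r"hkey_local_machine\system\controlset001\services\sharedaccess"
                r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")
DROPPED = {"infocard.exe", "mdt.sys", "mds.sys", "winbrd.jpg"}
# Assumption: the Windows directory is <drive>:\Windows or an environment-variable form.
IN_WINDIR = re.compile(r'^"?(?:[a-z]:\\windows|%systemroot%|%windir%)\\infocard\.exe\b', re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (reason, key, value_name) for string values matching the indicators."""
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        # .reg files escape backslashes and quotes inside names and data
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        if key in RUN_KEYS and IN_WINDIR.match(data):
            hits.append(("autostart", key, name))
        elif key == FIREWALL_KEY and (IN_WINDIR.match(name) or IN_WINDIR.match(data)):
            hits.append(("firewall-exception", key, name))
    return hits

def dropped_files_present(windows_dir_listing):
    """Names from the article found in a listing of the Windows directory."""
    return sorted(DROPPED & {n.lower() for n in windows_dir_listing})

# Constructed sample: one matching Run value, one same-named file elsewhere (not flagged).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Windows\\infocard.exe"
"OtherExample"="C:\\Windows\\Microsoft.NET\\Framework\\v3.0\\infocard.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Windows\\infocard.exe"="C:\\Windows\\infocard.exe:*:Enabled:Example"
'''
if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

`reg export` writes UTF-16 text, so decode the file before passing its contents to `scan_reg_export`.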

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
