As Halloween comes to a close, spirits and ghouls are already finding their way back to their crypts, but another WORM_SOHANAD variant haunts Yahoo! Messenger.

Trend Micro is able to detect the in-the-wild WORM_SOHANAD.AC. It bears the same instant messaging and registry modification routines as its predecessors. It also reportedly connects to a Web site that exploits a vulnerability in Microsoft Data Access components ( MS06-014).

Curiosity killed the cat, and YM users best remember this before clicking the link in any of the messages below, which this worm spreads around:

• check out my new personal website : http://{BLOCKED}termex.com c0ol !!!
  
• damn, she is so cute http://{BLOCKED}l-school.org/?id=miss_world :x:x:x:x
  
• have you ever seen such a silly man like this ? http://{BLOCKED}l-school.org/?id=stories =))
  
• look at my new lover : http://{BLOCKED}termex.com/darling.jpg :x
  
• the only way to clean some online viruses that may lead you into troubles : http://{BLOCKED}termex.com/?id=ie_protector

Considering the malware family’s infection success in recent weeks, this particular variant is probably not going to be SOHANAD’s last ‘boo’.