SANS Internet Storm Center reports of a new worm that is making rounds in Asia. The said worm reportedly propagates via MSN Messenger, with the usual catchy messages like “Heeey! I found a picture of you online, take a look” to trick unsuspecting users into clicking the link.

Of course, as with previous MSN worms, the link does not point to pictures, but rather to a malicious Web site where another threat is downloaded into the system. Users are thus advised to avoid clicking links sent by instant messaging contacts, especially if they are coming from unexpected sources.

Trend Micro currently detects the downloaded threat as BKDR_RINBOT.B, an IRC-based backdoor that most likely turn compromised systems into zombie machines (hence the detection name). Meanwhile, the Trend Micro Service Team is currently analyzing the worm component. Stay tuned for updates.

Update (02.14.2007):

Trend Micro now detects the worm component as WORM_SPOTFACE.A. Initial analysis reveals that this worm also deletes .EXE files in the root folder and terminates certain processes (including one process related to a FUJACKS variant). All the more reason not to click on links this worm sends out…