A worm is making use of MSN messenger to ring in the New Year — by spreading copies of itself, of course.
It sends any of the following messages:
- Hey, Can i put theese on facebook?
- Hi, have u seen my New Year pics yet? if not, this you gotta see!
- Hi, this you gotta see!
- Hey, Some pics from New Year at my place 🙂
- Hey, happy New Year, heres som pics from New Year! 🙂
These messages are accompanied by a link that downloads Photos1-2008.zip which, when opened, drops the file happy2008.exe together with the ZIP file. Trend Micro detects both files as WORM_IRCBOT.EL.
If installed successfully, the worm tries to repeat the process: it sends a link to the malicious .ZIP file to all contacts listed in the currently logged-on user’s MSN Messenger account. The worm may also allow a remote malicious user to execute commands on the affected system.
Malware authors have long relied upon the human element as the “weakest link” in system protection. The popularity of MSN Messenger, and any other instant messaging application in circulation, makes it a highly appealing vector to spread their malicious wares. However, similar to spam email, most attacks in this avenue require the user to manually click a link.
Use of IM clients may be impossible to avoid in today’s tech-ingrained culture. The best users can do is to either avoid clicking links received via IM, disable links from being clickable at all if their IM clients allow it, or to simply ask a follow-up question to the sender, like: “hey, is this file safe?” Chances are, it won’t answer if it’s malware doing the sending.
True, good cheer spreads fast but unfortunately, so does malware, if one is really not careful.