Instant messaging (IM) applications are popular infection vectors — malware authors are known to use instant messaging platforms to spread malware by sending either malicious files or URLs.
Trend Micro researchers have recently seen spammed email messages that use the popular IM application Yahoo! Messenger to propagate malware, though in a very different way from the one just described.
Here’s a sample email:
Clicking the "Download now" link in the email downloads the file msgr8.5us.exe onto the affected system. When executed, it drops the following files:
- mirc.ini – detected by Trend Micro as Mal_Zap
- csrss.exe – detected as BKDR_ZAPCHAST.AX
- sup.exe – detected as BKDR_MIRCHACK.CE
For targeted victims who do, in fact, use Yahoo! Messenger, the promised update may prove hard to resist.
The same email message even instructs users to pass on the news to friends by sending them the source — not very friendly if the supposed update would lead one’s contacts to malware.
In the past few weeks we’ve seen malware and other Web attacks disguised as software updates (see some of our posts here and here). Downloading directly from the software vendors themselves is still the safest way to go.
The Smart Protection Network now protects Trend Micro users from this threat.