    We’ve received reports about a new wave of malware spreading via Facebook, Yahoo! Messenger and Windows Live. Messages containing the following text are being sent through these services:

    Foto :D http://{BLOCKED}{random numbers}

    Very similar attacks via social networks and instant messengers have taken place before:

    If anything, this is a classic tactic used by malware. This particular attack is detected as WORM_IRCBOT.PHT.

    WORM_IRCBOT.PHT’s routines are not particularly novel, but that doesn’t make them any less of a problem. In addition to sending out the messages it uses to propagate, it also connects to several Internet Relay Chat (IRC) servers. This effectively makes user systems part of a botnet, as cybercriminals use these servers to send commands to the system, including downloading other malicious files. The browser home page is also changed by WORM_IRCBOT.PHT.

    Recent media reports have stated that IRC-based botnets such as the one formed by WORM_IRCBOT.PHT are “dying off”, but, as this incident shows, the threat still exists. In addition, malware authors are constantly changing their tactics to stay on top of user trends, including social networking.

    Trend Micro products detect the malicious file and already block the websites hosting WORM_IRCBOT.PHT as well as the IRC servers.
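
The two behaviours described above, the "Foto :D" propagation message and the outbound IRC connection, can be correlated per host during triage. The following is an added example, not code from Trend Micro or from the original post; the event layout, host addresses, nicknames and the `example.invalid` URLs are constructed, and the assumption that the link ends in digits comes only from the "{random numbers}" placeholder in the quoted message.

```python
import re
from collections import defaultdict

# Lure template quoted in the post: "Foto :D http://{BLOCKED}{random numbers}".
# Assumption: the link's last characters are digits, per "{random numbers}".
LURE_RE = re.compile(r"\bFoto :D\s+https?://\S*\d(?!\S)", re.IGNORECASE)
# IRC client commands (RFC 1459) at the start of an outbound payload line.
IRC_RE = re.compile(r"^(NICK|USER|JOIN)\s+\S+")

# Constructed sample events (host, kind, payload); the log layout is hypothetical.
SAMPLE_EVENTS = [
    ("10.0.0.5", "im_out", "Foto :D http://example.invalid/83749201"),
    ("10.0.0.5", "tcp_out", "NICK a83k"),
    ("10.0.0.5", "tcp_out", "USER a83k 0 * :a83k"),
    ("10.0.0.5", "tcp_out", "JOIN #x"),
    ("10.0.0.7", "im_out", "Foto from the trip :D http://example.invalid/album"),
    ("10.0.0.7", "tcp_out", "GET / HTTP/1.1"),
    ("10.0.0.9", "tcp_out", "NICK dev"),
    ("10.0.0.9", "tcp_out", "USER dev 0 * :dev"),
    ("10.0.0.11", "im_out", "foto :D http://example.invalid/5521"),
    ("10.0.0.13", "tcp_out", "JOIN #only"),
]

def triage(events):
    """Map each suspicious host to a verdict from lure messages and IRC registration."""
    lure_hosts = set()
    irc_cmds = defaultdict(set)
    for host, kind, payload in events:
        if kind == "im_out" and LURE_RE.search(payload):
            lure_hosts.add(host)
        elif kind == "tcp_out":
            m = IRC_RE.match(payload)
            if m:
                irc_cmds[host].add(m.group(1))
    # NICK + USER together complete an IRC registration; one command alone is not enough.
    registered = {h for h, cmds in irc_cmds.items() if {"NICK", "USER"} <= cmds}
    verdicts = {}
    for host in lure_hosts | registered:
        if host in lure_hosts and host in registered:
            verdicts[host] = "likely-infected"   # both behaviours from one host
        elif host in lure_hosts:
            verdicts[host] = "sent-lure"         # propagation message only
        else:
            verdicts[host] = "irc-only"          # may be a legitimate IRC user
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

A host flagged `irc-only` is not necessarily compromised; the correlation with the lure message is what raises confidence.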
