Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
    • About Us
    Trendlabs Security Intelligence > Shortened URLs in IM Apps Lead to a Worm

    TrandLabs engineers recently discovered that cybercriminals now use shortened URLs to spam malware via instant-messaging (IM) applications like Yahoo! Instant Messenger and MSN. As we all know, URL-shortening services are used to compress long and unreadable URLs into short, bite-sized ones. Short URLs are more portable and are now preferred over the (normally long) actual URLs when one wishes to share news within networks using their own websites, blogs, Tweets, and other social media tools.

    The bad guys seem to have changed their strategy. We have gotten used to seeing malicious URLs like http://{BLOCKED}img.com/IMG-004592.com?=, http://www.{BLOCKED}ok.com/view.php?=PHOTO1598526.JPG?, and http://www.{BLOCKED}-photos.com/view.php?=PHOTO23032010.JPG? in instant messages. Now, we see a slew of instant messages containing shortened URLs like http://{BLOCKED}.com/pict04042010jpg and http://{BLOCKED}.com/va98d.

    Shortening URLs may mean two things. First, this makes it harder for antivirus companies to block malicious URLs, as it would take them longer to get the landing link. Second, URL-shortening services can be used by cybercriminals to trick users into clicking suspicious links.

    Malware that spread via IM applications based their messages on the OS a computer uses. Cybercriminals have also been known to use shortened URLs for spamming purposes as shown in the following screenshots.

    Click for larger view Click for larger view

    Clicking the shortened URLs in the sample instant messages lead to the download of {BLOCKED}082010-jpg-www-facebook-com.scr detected as WORM_BUZUS.AG, which propagates via physical/removable/floppy drives and peer-to-peer (P2P) networks by spoofing the names of some popular applications, games, and movies. It is also capable of launching a denial-of-service (DoS) attack using SYN floods.

    Trend Micro™ Smart Protection Network™ protects users from this kind of threat by blocking access to all related malicious URLs and preventing the download and execution of the malicious file.

    Update as of April 12, 2010, 3:00 p.m. (GMT +8:00):

    The links were also found to download a new KOOBFACE variant detected as WORM_KOOBFACE.ZD.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Wednesday, April 7th, 2010 at 6:21 pm and is filed under Bad Sites, Malware, Spam . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice