Advanced threats researcher Jonell Baltazar recently spotted an instant message that contains a link to a malicious page.
The URL shortener used in this attack, ow.ly, shortens long URLs using the format http://ow.ly/(5 alphanumeric characters). Note that the spammed URL was padded with the query string ?=www.facebook.com/photo.php. Users who do not read the entire URL can be led to believe that they are going to a Facebook page to see a picture, as the instant message says, when the link actually leads to a malicious page.
Users should always exercise caution in clicking strange links, regardless of source—social media, email messages, or instant messages.
The malicious link downloads a worm detected by Trend Micro as WORM_YIMBOT.A. Smart Protection Network™ already protects Trend Micro product users from this attack. In addition, the site the shortened link targets has also been blocked.
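A message filter can flag the padding trick described above by comparing the host a link really points to with any hostname embedded in its query string. The Python below is an added example, not code from Trend Micro; the function names, the shortener set, the file-extension heuristic and the sample short code `AbCd1` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Only ow.ly comes from the post; extend this set for your environment.
SHORTENER_HOSTS = {"ow.ly"}
# Short-link path format described in the post: 5 alphanumeric characters.
SHORT_CODE = re.compile(r"/[A-Za-z0-9]{5}")
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
# Heuristic (assumption): tokens ending in these are file names, not hosts.
FILE_EXTS = {"php", "html", "htm", "asp", "aspx", "jsp", "jpg", "png", "gif"}


def decoy_hosts(url):
    """Return (real_host, hostnames embedded in the query or fragment)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    real_host = (parts.hostname or "").lower()
    found = []
    for token in re.split(r"[&=;#]", unquote(parts.query + "#" + parts.fragment)):
        token = re.sub(r"^[a-z][a-z0-9+.-]*://", "", token.strip().lower())
        candidate = token.split("/", 1)[0].split(":", 1)[0]
        if (HOSTNAME.fullmatch(candidate)
                and candidate.rsplit(".", 1)[1] not in FILE_EXTS
                and candidate != real_host and candidate not in found):
            found.append(candidate)
    return real_host, found


def classify(url):
    """'padded-short-link', 'embedded-host' or 'ok' for one URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    real_host, decoys = decoy_hosts(url)
    if not decoys:
        return "ok"
    if real_host in SHORTENER_HOSTS and SHORT_CODE.fullmatch(parts.path):
        return "padded-short-link"
    return "embedded-host"


# Constructed samples; the 5-character code "AbCd1" is a placeholder.
SAMPLES = [
    "http://ow.ly/AbCd1?=www.facebook.com/photo.php",
    "http://ow.ly/AbCd1",
    "http://www.facebook.com/photo.php?fbid=12345",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), decoy_hosts(s), s)
```

A link classified as `embedded-host` is not necessarily malicious, since legitimate redirects also carry hostnames in parameters; treat it as a cue to display the real destination host to the user.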